Re: postgresql-contrib risks?

From: Martijn van Oosterhout <kleptog(at)svana(dot)org>
To: Andre Felipe Machado <andremachado(at)techforce(dot)com(dot)br>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: postgresql-contrib risks?
Date: 2005-01-06 14:09:54
Message-ID: 20050106140949.GB15754@svana.org
Lists: pgsql-general

Generally, the stuff in pgcontrib, when installed, only affects a single
database. Any external C code is implemented as shared libraries and is
loaded on demand. For databases not configured, they won't even see
them.

As for security risks, this is the only real issue. The code is not in
the main server and so may not have been checked as thoroughly. The
pgcrypto module is (AFAIK) just a group of standard algorithms so I'd
be surprised if there were any issues there.

One question though, if you are granted filesystem access to the
server, there's no reason why you couldn't just get the pgcrypto module
in your home directory and load it into the server yourself. I think
all you need is superuser access to your database to load untrusted
modules...

Hope this helps,

On Thu, Jan 06, 2005 at 01:28:18PM +0000, Andre Felipe Machado wrote:
> Hello,
> My hosting provider is unwilling to install postgresql-contrib package,
> fearing that it will negatively impact other users, break their sites, or
> security flaws and so on.
> Are there any risks involved?
> I need pgcrypto digest function. Is there a "no risk" install procedure?
> If he installs only the pgcrypto, not the whole contrib package, are there
> risks remaining?
> Regards.
> Andre Felipe

--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
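
The reply above makes two checkable points: contrib C code is registered per database and loaded from a shared library, and registering it needs superuser rights. The following audit queries are an added example, not part of the original message; they assume a current PostgreSQL release (the `pg_roles` view and a text `probin` column) and are run with psql in each database to be inspected.

```sql
-- Added audit example: run once per database, since function registrations
-- are stored in that database's own pg_proc catalog.

-- 1. C-language functions registered in the current database outside the
--    built-in pg_catalog schema, with the shared library each one loads.
--    An empty result means no contrib/third-party C code is exposed here.
SELECT n.nspname AS schema_name,
       p.proname AS function_name,
       p.probin  AS shared_library,   -- path or $libdir-relative library name
       p.prosrc  AS link_symbol,      -- C symbol resolved inside that library
       r.rolname AS owner
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE l.lanname = 'c'
  AND n.nspname <> 'pg_catalog'
ORDER BY p.probin, n.nspname, p.proname;

-- 2. Confirm that C is marked as an untrusted language in this database.
--    lanpltrusted = false means ordinary roles cannot create functions in it.
SELECT lanname, lanpltrusted
FROM pg_language
WHERE lanname = 'c';

-- 3. Roles that are able to register new C functions, i.e. superusers.
--    On shared hosting this list should contain only the provider's
--    administrative accounts.
SELECT rolname
FROM pg_roles
WHERE rolsuper
ORDER BY rolname;
```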
