| From: | David Fetter <david(at)fetter(dot)org> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, andrew(at)supernews(dot)com |
| Subject: | Re: plpgsql by default |
| Date: | 2006-04-12 15:53:49 |
| Message-ID: | 20060412155349.GC32424@fetter.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Apr 12, 2006 at 12:32:52PM +0200, Peter Eisentraut wrote:
> Am Dienstag, 11. April 2006 23:20 schrieb Tom Lane:
> > In the end it's only one small component of security, but any
> > security expert will tell you that you take all the layers of
> > security that you can get.
>
> I think what the security experts are saying is that you need a
> thorough evaluation of assets, attackers, risks, and
> countermeasures, and I don't see that here.
Exactly. One security expert you may have heard of, Bruce Schneier,
has laid out a 5-step process, and we haven't gotten to step 1 yet
where the proposal is "turn PL/PgSQL off by default."
Bruce Schneier's 5-Step Security Evaluation
1. What assets are you trying to protect?
2. What are the risks to those assets?
3. How well does the security solution mitigate those risks?
4. What other risks does the security solution cause?
5. What costs and tradeoffs does the security solution impose?
Let's start with step 1 and go forward from there.
Cheers,
D
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
phone: +1 415 235 3778 AIM: dfetter666
Skype: davidfetter
Remember to vote!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2006-04-12 16:03:32 | Re: Practical impediment to supporting multiple SSL libraries |
| Previous Message | Martijn van Oosterhout | 2006-04-12 15:48:19 | Practical impediment to supporting multiple SSL libraries |