Re: pl/pgsql enabled by default

From: Neil Conway <neilc(at)samurai(dot)com>
To: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: pl/pgsql enabled by default
Date: 2005-05-07 04:52:57
Message-ID: 427C49A9.9030503@samurai.com
Lists: pgsql-hackers

Andrew Sullivan wrote:
> Sure it is. "Don't enable anything you don't need," is the first
> security rule. Everything is turned off by default. If you want it,
> enable it.

So would you have us disable all the non-essential builtin functions?
(Many of which have had security problems in the past.) What about the
builtin encoding conversions, non-btree indexes, or a myriad of features
that not all users need or use?

What makes sense for the default configuration of an operating system
(which by nature must be hardened against attack) does not necessarily
make sense for a database system.

-Neil
