Re: pl/pgsql enabled by default

From: Neil Conway <neilc(at)samurai(dot)com>
To: Simon Riggs <simon(at)2ndquadrant(dot)com>
Cc: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: pl/pgsql enabled by default
Date: 2005-05-07 10:29:54
Message-ID: 427C98A2.6090703@samurai.com
Lists: pgsql-hackers

Simon Riggs wrote:
> I support Andrew's comment, though might reword it to
> "Don't enable anything that gives users programmable features or user
> exits by default".

Users can already define SQL functions by default, which certainly
provides "programmable features". I'm not quite sure what you mean by
"user exits."

I guess I'm missing how pl/pgsql is a fundamentally greater security risk.

> You can't use the builtin encoding functions or non-btree indexes to
> access things you are not supposed to.

How can you use pl/pgsql to "access things you are not supposed to"?

-Neil
