| From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | andrew(at)supernews(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: plpgsql by default |
| Date: | 2006-04-11 16:45:43 |
| Message-ID: | 443BDD37.6060006@commandprompt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
>> What does enabling plpgsql do via access that you can't just do from an
>> SQL query?
>
> SQL isn't Turing-complete --- plpgsql is. So if our would-be hacker has
> a need to do some computation incidental to his hack, he can certainly
> get it done in plpgsql, but not necessarily in plain SQL.
O.k. sure... but if the hackers wants to do something really bad it is
easy to do so in SQL... TRUNCATE, DELETE FROM, VACUUM FULL, DROP... ,
SELECT generate_series()
Sincerely,
Joshua D. Drake
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2006-04-11 16:46:47 | Re: plpgsql by default |
| Previous Message | Joshua D. Drake | 2006-04-11 16:44:14 | Re: plpgsql by default |