Quick Links

Re: pl/pgsql enabled by default

From:	Neil Conway <neilc(at)samurai(dot)com>
To:	Simon Riggs <simon(at)2ndquadrant(dot)com>
Cc:	Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: pl/pgsql enabled by default
Date:	2005-05-07 10:29:54
Message-ID:	427C98A2.6090703@samurai.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Simon Riggs wrote:
> I support Andrew's comment, though might reword it to
> "Don't enable anything that gives users programmable features or user
> exits by default".

Users can already define SQL functions by default, which certainly
provides "programmable features". I'm not quite sure what you mean by
"user exits."

I guess I'm missing how pl/pgsql is a fundamentally greater security risk.

> You can't use the builtin encoding functions or non-btree indexes to
> access things you are not supposed to.

How can you use pl/pgsql to "access things you are not supposed to"?

-Neil

In response to

Re: pl/pgsql enabled by default at 2005-05-07 09:47:07 from Simon Riggs

Responses

Re: pl/pgsql enabled by default at 2005-05-07 15:38:40 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Greg Stark	2005-05-07 10:59:55	Re: pgFoundry
Previous Message	Simon Riggs	2005-05-07 09:47:07	Re: pl/pgsql enabled by default