Re: Including PL/PgSQL by default

From: Jeremy Drake <pgsql(at)jdrake(dot)com>
To: "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
Cc: Dave Page <dpage(at)pgadmin(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Including PL/PgSQL by default
Date: 2008-02-22 16:49:27
Message-ID: Pine.BSO.4.64.0802220842020.25804@resin.csoft.net
Lists: pgsql-hackers

On Fri, 22 Feb 2008, D'Arcy J.M. Cain wrote:

> On Fri, 22 Feb 2008 07:37:55 +0000
> "Dave Page" <dpage(at)pgadmin(dot)org> wrote:
> > I know I'm gonna regret wading in on this, but in my mind this is akin
> > to one of the arguments for including tsearch in the core server -
> > namely that too many brain dead hosting providers won't add a contrib
> > module or anything else in a customer's database because they don't
>
> So their clients will go somewhere <PLUG URL="http://www.Vex.Net/" />
> that does understand what they are installing and can support their
> users properly. How far are we supposed to go to support the clueless?

Being someone on one of these "clueless" providers, I wrote the patch
(which made it into 8.3) which allows database owners to create trusted
languages. For me, this was just far enough. The clueless tend to
"CREATE DATABASE %s OWNER %s", so then I can CREATE LANGUAGE plpgsql if I
want it. This does not provide any detriment to the clueful, who can
always REVOKE the privilege to create any PL (the patch also added ACL
stuff for this). And, since the clueful tend to run web apps and such as
non-database owners, if the web app was compromised and the db did not
explicitly load plpgsql, the attacker could not use it.

>
> > understand that just because it's not there by default doesn't mean
> > it's in any way second rate. Including pl/pgsql in template1 will help
> > those folks who for whatever reason use such providers, whilst more
> > savvy providers can easily disable it post-initdb if that's what they
> > want to do.
>
> And the first time someone uses pl/pgsql to do harm, even if it is due
> to their mis-configuration, who gets blamed?
>
>

--
The primary theme of SoupCon is communication. The acronym "LEO"
represents the secondary theme:

Law Enforcement Officials

The overall theme of SoupCon shall be:

Avoiding Communication with Law Enforcement Officials

-- M. Gallaher
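
The privilege model described in the message above, as an added example that is not part of the original email: a database owner can create a trusted PL, a non-owner application role cannot, and a superuser can switch the owner permission off. It assumes a PostgreSQL release that still has the pg_pltemplate catalog (8.3 and the following releases up to 12) and a database where plpgsql is not already installed; the role and database names are constructed.

```sql
-- Constructed names: site_owner, site_webapp, site_db.

-- 1. As superuser: what a hosting provider's provisioning typically does.
CREATE ROLE site_owner  LOGIN;
CREATE ROLE site_webapp LOGIN;          -- the role the web application connects as
CREATE DATABASE site_db OWNER site_owner;

-- 2. As superuser: see which PLs a database owner may create.
--    tmpldbacreate = true means "database owners may CREATE LANGUAGE this".
SELECT tmplname, tmpltrusted, tmpldbacreate
  FROM pg_pltemplate
 ORDER BY tmplname;

-- 3. Connected to site_db as site_owner: allowed, because plpgsql is a
--    trusted language whose template has tmpldbacreate = true.
CREATE LANGUAGE plpgsql;

-- 4. Connected to a database it does not own, as site_webapp: the same
--    statement is rejected with a permission error, so a compromised
--    application role cannot load a PL that the owner never installed.
-- CREATE LANGUAGE plpgsql;

-- 5. Once a trusted language exists, USAGE on it is granted to PUBLIC by
--    default. To keep the application role from defining functions in it,
--    the owner narrows that grant.
REVOKE USAGE ON LANGUAGE plpgsql FROM PUBLIC;
GRANT  USAGE ON LANGUAGE plpgsql TO site_owner;

-- 6. Audit: which PLs are installed in this database, who owns them,
--    and what the ACL looks like.
SELECT l.lanname, r.rolname AS owner, l.lanpltrusted, l.lanacl
  FROM pg_language l
  JOIN pg_roles r ON r.oid = l.lanowner
 WHERE l.lanispl;

-- 7. As superuser, on installations where database owners should not be
--    able to add the language at all: turn off the template flag.
UPDATE pg_pltemplate
   SET tmpldbacreate = false
 WHERE tmplname = 'plpgsql';
```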
