From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Robert Haas <robertmhaas(at)gmail(dot)com>, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>, Thom Brown <thombrown(at)gmail(dot)com>, PGSQL Mailing List <pgsql-general(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org, Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
Subject: | Re: Installing PL/pgSQL by default |
Date: | 2009-12-04 06:01:06 |
Message-ID: | 15661.1259906466@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Before we go too far with this, I'd like to know how we will handle the
> problems outlined here:
> <http://archives.postgresql.org/pgsql-hackers/2008-02/msg00916.php>
Hm, I think that's only a problem if we define it to be a problem,
and I'm not sure it's necessary to do so. Currently, access to PL
languages is controlled by superusers. You are suggesting that if
plpgsql is installed by default, then access to it should be controlled
by non-superuser DB owners instead. Why do we have to move the
goalposts in that direction? It's not like we expect that DB owners
should control access to other built-in facilities, like int8 or
pg_stat_activity for example. The argument against having plpgsql
always available is essentially one of security risks, and I would
expect that most installations think that security risks are to be
managed by superusers.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | A. Kretschmer | 2009-12-04 06:35:40 | Re: SELECTing every Nth record for better performance |
Previous Message | Richard Broersma | 2009-12-04 05:50:57 | Re: SELECTing every Nth record for better performance |
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Davis | 2009-12-04 06:17:40 | Re: Listen / Notify - what to do when the queue is full |
Previous Message | tomas | 2009-12-04 05:50:51 | Re: operator exclusion constraints |