Quick Links

Re: Installing PL/pgSQL by default

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc:	Bruce Momjian <bruce(at)momjian(dot)us>, Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Robert Haas <robertmhaas(at)gmail(dot)com>, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>, Thom Brown <thombrown(at)gmail(dot)com>, PGSQL Mailing List <pgsql-general(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org, Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
Subject:	Re: Installing PL/pgSQL by default
Date:	2009-12-04 06:01:06
Message-ID:	15661.1259906466@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general pgsql-hackers

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Before we go too far with this, I'd like to know how we will handle the
> problems outlined here:
> <http://archives.postgresql.org/pgsql-hackers/2008-02/msg00916.php>

Hm, I think that's only a problem if we define it to be a problem,
and I'm not sure it's necessary to do so. Currently, access to PL
languages is controlled by superusers. You are suggesting that if
plpgsql is installed by default, then access to it should be controlled
by non-superuser DB owners instead. Why do we have to move the
goalposts in that direction? It's not like we expect that DB owners
should control access to other built-in facilities, like int8 or
pg_stat_activity for example. The argument against having plpgsql
always available is essentially one of security risks, and I would
expect that most installations think that security risks are to be
managed by superusers.

regards, tom lane

In response to

Re: Installing PL/pgSQL by default at 2009-12-04 00:27:48 from Andrew Dunstan

Responses

Re: [HACKERS] Installing PL/pgSQL by default at 2009-12-04 10:07:58 from Andrew Gierth
Re: Installing PL/pgSQL by default at 2009-12-09 02:39:12 from Bruce Momjian

Browse pgsql-general by date

	From	Date	Subject
Next Message	A. Kretschmer	2009-12-04 06:35:40	Re: SELECTing every Nth record for better performance
Previous Message	Richard Broersma	2009-12-04 05:50:57	Re: SELECTing every Nth record for better performance

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Jeff Davis	2009-12-04 06:17:40	Re: Listen / Notify - what to do when the queue is full
Previous Message	tomas	2009-12-04 05:50:51	Re: operator exclusion constraints