From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCHES] Warning for missing createlang |
Date: | 2003-09-06 13:14:57 |
Message-ID: | 3F59DDD1.9040104@dunslane.net |
Lists: | pgsql-hackers pgsql-patches |
Peter Eisentraut wrote:
>Tom Lane writes:
>
>>There are good security arguments not to have it in the default install,
>>no?
>
>I think last time the only reason we saw was that dump restoring would be
>difficult. I don't see any security reasons.
>
That could be overcome by doing a 'drop language' before running your
restore, couldn't it? Maybe it would also be useful for such cases to
have switches on initdb and pg_dump to inhibit creation of the language.
I did see a reference in the archives to a problem with heavy recursion
as a possible security hole. I guess my answer to that would be that if
you are worried about it you should drop the language, but I don't see
this alone as a reason not to install it by default. After all, you
don't need plpgsql to bring the system to its knees :-)
But maybe there's some other reason my search didn't find.
cheers
andrew