| From: | Thomas Hallgren <thomas(at)tada(dot)se> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, andrew(at)supernews(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: plpgsql by default |
| Date: | 2006-04-11 22:17:34 |
| Message-ID: | 443C2AFE.3000301@tada.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> In the end it's only one small component of security, but any security
> expert will tell you that you take all the layers of security that you
> can get. If you don't need a given bit of functionality, it shouldn't
> get installed.
>
I think any security expert would say that if let non trustworthy people get so far as to
create their own SQL statements, you're in big trouble. Plpgsql or not. I fail to see what
the real issue is here. Your argument is analog to saying "don't install bash on a Linux
system by default. People might do bad things with it".
Regards,
Thomas Hallgren
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew - Supernews | 2006-04-11 22:19:45 | Re: plpgsql by default |
| Previous Message | Joshua D. Drake | 2006-04-11 22:15:33 | Re: plpgsql by default |