| From: | Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
|---|---|
| To: | Dave Page <dpage(at)vale-housing(dot)co(dot)uk> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: plpgsql by default |
| Date: | 2006-04-12 14:28:30 |
| Message-ID: | 443D0E8E.9080701@pse-consulting.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Dave Page wrote:
>
>
> Keeping PostgreSQL as secure as possible out of the box pretty much
> requires us to do the same in my mind - if an major feature such as
> pl/pgsql is easy for the user to enable should they want it, then it
> should be disabled by default to minimise the number of attack vectors
> for all those users that do not want it.
I wonder if Oracle ever recommended disabling PL/SQL (not to mention MS
Transact-SQL)...
Regards,
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gaetano Mendola | 2006-04-12 14:32:33 | Re: [HACKERS] RH9 postgresql 8.0.7 rpm |
| Previous Message | Richard Huxton | 2006-04-12 14:23:42 | Re: Get explain output of postgresql in Tables |