-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 21 Feb 2008 17:34:06 -0000
"Greg Sabino Mullane" <greg@turnstep.com> wrote:
> There are so many simple ways to "do bad things" /without/ plpgsql, I
> just don't see how the theoretical harm in it being used as an attack
> vector even comes close to the benefits of having it installed by
> default.
>
Exactly, once a hacker has access all bets are off. This "theorectical"
implication of badness isn't helpful without some level of practical
application. It is so easy to DOS or DELETE a postgresql database if it
were compromised that adding plpgsql is hardly a consideration with that
argument.
Sincerely,
Joshua D. Drake
- --
The PostgreSQL Company since 1997: http://www.commandprompt.com/
PostgreSQL Community Conference: http://www.postgresqlconference.org/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL SPI Liaison | SPI Director | PostgreSQL political pundit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHvbsXATb/zqfZUUQRAvW0AKCnr6I7lXqJXV9v3hCVgShp06w4lwCePaCx
xWL/HvG0IGyztE0pzXJ7/kc=
=h9tg
-----END PGP SIGNATURE-----
