Home > mailing lists

Re: plpgsql by default (was: Re: Remote administration contrib module) - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: plpgsql by default (was: Re: Remote administration contrib module)
Date	April 11, 2006 02:57:26
Msg-id	3142.1144723508@sss.pgh.pa.us Whole thread Raw
In response to	plpgsql by default (was: Re: Remote administration contrib module) (Andrew - Supernews <andrew+nonews@supernews.com>)
Responses	Re: plpgsql by default ("Joshua D. Drake" <jd@commandprompt.com>)
List	pgsql-hackers

Tree view

Andrew - Supernews <andrew+nonews@supernews.com> writes:
> On 2006-04-10, Bruce Momjian <pgman@candle.pha.pa.us> wrote:
>>> [ security ]
>> It actually is the reason I have heard.

> And it was duly debunked.

That is the reasoning, and personally I agree with it.  You don't leave
sharp objects sitting around if you have no need to have them out.
The availability of plpgsql or other PLs makes for a significant jump
in what a bad guy can do if he gets access to the database, so if a
particular DB doesn't actually need the capability, it's best that it
not be there.  And that's without considering the possibility of genuine
security holes in the PL, but just supposing that it only does what it's
supposed to do.
        regards, tom lane

pgsql-hackers by date:

From: Bruce Momjian
Date: 11 April 2006, 02:36:55
Subject: Re: Domains as Subtypes

From: Andrew - Supernews
Date: 11 April 2006, 03:26:54
Subject: Re: plpgsql by default (was: Re: Remote administration contrib module)

Re: plpgsql by default (was: Re: Remote administration contrib module) - Mailing list pgsql-hackers

Previous

Next