Andrew Sullivan wrote:
> This is not really analogous, because those are already on
Which is my point: you're suggesting we retrofit a security policy onto
PG that does not apply to the vast majority of the base system -- and
that if applied would require fundamental changes.
> Indeed. But that doesn't mean that the principle isn't sound for
> both cases. I haven't seen an argument against that yet.
Security (in the limited sense of "disabling features by default") is
not free; there is a tradeoff between security and convenience, security
and administrative simplicity, and so on. Given that I have yet to see a
single substantive argument for pl/pgsql being a security risk that has
withstood any scrutiny, I don't see that the "security" side of the
tradeoff has a lot of merit.
-Neil
