On 9/22/06, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > * Tom Lane (tgl@sss.pgh.pa.us) wrote:
> >> An admin who is concerned about this can revoke public access on the
> >> functions for himself ... but should that be the default out-of-the-box
> >> configuration? I feel more comfortable with saying "you have to turn
> >> on this potentially-dangerous feature" than with saying you have to turn
> >> it off.
>
> > I agree with having it turned off by default, at least in 8.2.
>
> Do we have a consensus to do this for 8.2? Or are we going to leave it
> as is? Those are the only two realistic short-term options ...
there are plenty of other potentially nasty things (like
generate_series and the ! operator). why are advisory_locks handled
specially? the way it stands right now is a user with command access
can DoS a server after five minutes of research on the web.
however, if we decide to lock them, it should be documented as such.
advisory locks still show up as 'userlock' in the pg_locks view. does
this matter?
merlin
