Re: [HACKERS] Updating column on row update

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Thom Brown <thombrown@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Craig Ringer <craig@postnewspapers.com.au>, Scott Marlowe <scott.marlowe@gmail.com>, PGSQL Mailing List <pgsql-general@postgresql.org>, pgsql-hackers@postgresql.org
Date: 2009-11-23T14:38:34Z
Lists: pgsql-hackers, pgsql-general
Thom Brown <thombrown@gmail.com> writes:
> As for having plpgsql installed by default, are there any security
> implications?

Well, that's pretty much exactly the question --- are there?  It would
certainly make it easier for someone to exploit any other security
weakness they might find.  I believe plain SQL plus SQL functions is
Turing-complete, but that doesn't mean it's easy or fast to write loops
etc in it.

			regards, tom lane