Re: pl/pgsql enabled by default
Josh Berkus <josh@agliodbs.com>
From: Josh Berkus <josh@agliodbs.com>
To: Mike Mascari <mascarm@mascari.com>
Cc: pgsql-hackers@postgresql.org
Date: 2005-05-08T18:03:36Z
Lists: pgsql-hackers
Mike, > I think most people coming from any other enterprise-class RDBMS > environment will be surprised that they cannot use VIEWs to provide > user-specific views on data. I could be wrong, but I'd put money on it... Well, I'd say that giving regular users the "create" permission on your database/schema is unwise, period. I don't, even when the only user is "phpuser". SQL injections attacks are no fun. Also, as Andrew points out, this can't be used to circumvent view-based security if you've set it up correctly; if the user can't "select * from table", then he can't write a function to "select * from table." -- Josh Berkus Aglio Database Solutions San Francisco