Re: pl/pgsql enabled by default

Neil Conway <neilc@samurai.com>

From: Neil Conway <neilc@samurai.com>
To: Josh Berkus <josh@agliodbs.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2005-05-06T05:37:21Z
Lists: pgsql-hackers
Josh Berkus wrote:
> The only one I can think of is "security", which is pretty weak -- we've never 
> had a plpgsql security issue that I know of.

Well, no -- for instance,

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247

But I agree security is not a good argument against enabling it by default.

-Neil