Re: pl/pgsql enabled by default
Neil Conway <neilc@samurai.com>
From: Neil Conway <neilc@samurai.com>
To: Josh Berkus <josh@agliodbs.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2005-05-06T05:37:21Z
Lists: pgsql-hackers
Josh Berkus wrote: > The only one I can think of is "security", which is pretty weak -- we've never > had a plpgsql security issue that I know of. Well, no -- for instance, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247 But I agree security is not a good argument against enabling it by default. -Neil