Re: pl/pgsql enabled by default
Neil Conway <neilc@samurai.com>
From: Neil Conway <neilc@samurai.com>
To: Andrew Sullivan <ajs@crankycanuck.ca>
Cc: pgsql-hackers@postgresql.org
Date: 2005-05-07T04:52:57Z
Lists: pgsql-hackers
Andrew Sullivan wrote: > Sure it is. "Don't enable anything you don't need," is the first > security rule. Everything is turned off by default. If you want it, > enable it. So would you have us disable all the non-essential builtin functions? (Many of which have has security problems in the past.) What about the builtin encoding conversions, non-btree indexes, or a myriad of features that not all users need or use? What makes sense for the default configuration of an operating system (which by nature must be hardened against attack) does not necessarily make sense for a database system. -Neil