Re: pl/pgsql enabled by default
Neil Conway <neilc@samurai.com>
From: Neil Conway <neilc@samurai.com>
To: Andrew Sullivan <ajs@crankycanuck.ca>
Cc: pgsql-hackers@postgresql.org
Date: 2005-05-07T23:22:55Z
Lists: pgsql-hackers
Andrew Sullivan wrote: > This is not really analogous, because those are already on Which is my point: you're suggesting we retrofit a security policy onto PG that does not apply to the vast majority of the base system -- and that if applied would require fundamental changes. > Indeed. But that doesn't mean that the principle isn't sound for > both cases. I haven't seen an argument against that yet. Security (in the limited sense of "disabling features by default") is not free; there is a tradeoff between security and convenience, security and administrative simplicity, and so on. Given that I have yet to see a single substantive argument for pl/pgsql being a security risk that has withstood any scrutiny, I don't see that the "security" side of the tradeoff has a lot of merit. -Neil