Search Postgresql Archives

Re: [HACKERS] Updating column on row update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

2009/11/23 Tom Lane <tgl@xxxxxxxxxxxxx>
Thom Brown <thombrown@xxxxxxxxx> writes:
> As for having plpgsql installed by default, are there any security
> implications?

Well, that's pretty much exactly the question --- are there?  It would
certainly make it easier for someone to exploit any other security
weakness they might find.  I believe plain SQL plus SQL functions is
Turing-complete, but that doesn't mean it's easy or fast to write loops
etc in it.

                       regards, tom lane

I personally find it more important to gracefully add plpgsql if it doesn't already exist than to rely on it already being there.  In a way it wouldn't solve this problem as someone could have still removed it.  Other procedural languages could benefit from some sort of check too.

Thom
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux