Re: pl/pgsql enabled by default

From: Neil Conway <neilc(at)samurai(dot)com>
To: Josh Berkus <josh(at)agliodbs(dot)com>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pl/pgsql enabled by default
Date: 2005-05-06 05:37:21
Message-ID: 427B0291.5020709@samurai.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Josh Berkus wrote:
> The only one I can think of is "security", which is pretty weak -- we've never
> had a plpgsql security issue that I know of.

Well, no -- for instance,

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247

But I agree security is not a good argument against enabling it by default.

-Neil

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Jim C. Nasby 2005-05-06 06:20:09 Re: Views, views, views! (long)
Previous Message Josh Berkus 2005-05-06 05:31:16 Re: pl/pgsql enabled by default