Re: pl/pgsql enabled by default

From: Neil Conway <neilc(at)samurai(dot)com>
To: Mike Mascari <mascarm(at)mascari(dot)com>
Cc: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: pl/pgsql enabled by default
Date: 2005-05-08 02:05:57
Message-ID: 427D7405.2090605@samurai.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Mike Mascari wrote:
> People who use views to achieve row security, which is a rather common
> paradigm, cannot allow users to create functions with side effects.

Can you elaborate? I'm not sure I follow you.

(I'll note anyway that (1) SQL functions can have side effects: CREATE
FUNCTION foo() RETURNS VOID AS 'DELETE FROM ...', for example (2)
Administrators can always choose to drop pl/pgsql for a particular
database, disable it at initdb time, or REVOKE usage of pl/pgsql for
particular users.)

-Neil

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Mike Mascari 2005-05-08 02:20:55 Re: pl/pgsql enabled by default
Previous Message Tatsuo Ishii 2005-05-08 02:01:10 Re: Invalid unicode in COPY problem