The reasons are that most people don't want to have to know all the little details just to get started. Reading through this thread, the arguments really seem to boil down to 'it's added default bloat that is not required' and 'it is the procedural language of the platform and should be included'. (all the security concerns really boil down to implementation details, SQL injection with standard SQL is just as dangerous)
As a packager, I respond to customer pressure by solving their needs, so I pre-package those contrib's as needed, but I do feel that they should be reviewed as potential core inclusions
Andrew Satori - Owner & Janitor Druware Software Designs Business Solutions for Small Business http://www.druware.com/ On Feb 22, 2008, at 11:09 AM, Andrew Dunstan wrote:
Roberts, Jon wrote:However, you can not create anything in Oracle without being given permission to create it. The notion that you can create a function because you have connect rights to the database is foreign to me. Connect should mean connect, not connect AND create.Include the language by default and remove CREATE on the public schema.You'd need more than that.For example, since we don't support temp functions, we should probably ban the creation of functions in temp schemas (which I found was possible).cheers andrew---------------------------(end of broadcast)---------------------------TIP 6: explain analyze is your friend
smime.p7s
Description: S/MIME cryptographic signature
