On 4/11/06, Neil Conway <[EMAIL PROTECTED]> wrote:
> On Tue, 2006-04-11 at 17:20 -0400, Tom Lane wrote:
> > No, I'm saying that having access to a PL renders certain classes of
> > attacks significantly more efficient. A determined attacker with
> > unlimited time may not care, but in the real world, security is
> > relative.
>
> That's a fair point.
>
> Perhaps a compromise would be to enable pl/pgsql by default, but not
> grant the USAGE privilege on it. This would allow superusers to define
+1 (+10 if I could, and I'm doing my best not to pontificate about security)
merlin
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
