> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Merlin Moncure
> Sent: 12 avril 2006 12:22
> To: Neil Conway
> Cc: Tom Lane; David Fetter; Jim C. Nasby; Joshua D. Drake; 
> [EMAIL PROTECTED]; pgsql-hackers@postgresql.org
> Subject: Re: [HACKERS] plpgsql by default
> 
> On 4/11/06, Neil Conway <[EMAIL PROTECTED]> wrote:
> > On Tue, 2006-04-11 at 17:20 -0400, Tom Lane wrote:
> > > No, I'm saying that having access to a PL renders certain classes of
> > > attacks significantly more efficient.  A determined attacker with
> > > unlimited time may not care, but in the real world, security is
> > > relative.
> >
> > That's a fair point.
> >
> > Perhaps a compromise would be to enable pl/pgsql by default, but not
> > grant the USAGE privilege on it. This would allow superusers to define
> 


One way to circumvent the hassle of having to create the language is to
create the database from a template that has the language, hence a
semi-default plpgsql handler by "default".

On the security side, if you implement strong ACLs on the data
manipulation, if the database is compromised to a level where a
low-privileged user's database access is compromised, there shouldn't be
any danger toward having them using SQL or plpgsql.

The dark side of this could be some type of privilege escalation scheme
present inside postgresql.

As an example, MS-SQL xp_* stored procs are a vulnerability vector if the
compromised user can execute them.

So if by default the attacked application is running as the "postgres"
user, what will you do to prevent them from manipulating internals? :)

-elz
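
A psql sketch of the setup discussed in this message and in the quoted proposal, added here as an example (it is not part of the original post or of PostgreSQL's own code): a template database that carries plpgsql, USAGE on the language withheld from PUBLIC, and an application role that is not a superuser. The names tmpl_plpgsql, appdb, app_owner and app_user are hypothetical, and a maintenance database named postgres is assumed to exist.

```sql
-- Added example; run in psql as a superuser.
-- tmpl_plpgsql, appdb, app_owner and app_user are hypothetical names.

-- The application logs in as an unprivileged role, never as "postgres".
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE app_user LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Template database that carries the language and its ACL.
CREATE DATABASE tmpl_plpgsql TEMPLATE template0;
\c tmpl_plpgsql
-- PostgreSQL 9.1 and later. On releases before 9.1, run
-- CREATE LANGUAGE plpgsql instead if the language is not installed yet.
CREATE EXTENSION IF NOT EXISTS plpgsql;

-- Language is present, but only app_owner may define functions
-- (or run DO blocks) in it. Superusers bypass this check.
REVOKE USAGE ON LANGUAGE plpgsql FROM PUBLIC;
GRANT USAGE ON LANGUAGE plpgsql TO app_owner;

-- Databases cloned from the template inherit the language and its ACL.
-- No other session may be connected to the template while it is copied.
\c postgres
CREATE DATABASE appdb TEMPLATE tmpl_plpgsql OWNER app_owner;
\c appdb

-- Audit: which login roles can still create plpgsql code, and which
-- of them are superusers (for whom the language ACL is irrelevant).
SELECT r.rolname,
       r.rolsuper,
       has_language_privilege(r.oid, 'plpgsql', 'USAGE') AS can_use_plpgsql
FROM pg_roles r
WHERE r.rolcanlogin
ORDER BY r.rolname;

-- Audit: the stored ACL on the language itself.
SELECT lanname, lanpltrusted, lanacl
FROM pg_language
WHERE lanname = 'plpgsql';
```

Revoking USAGE stops a role from creating new plpgsql functions; it does not stop the role from executing functions that already exist, which is controlled by EXECUTE on each function.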
