Generally, the stuff in pgcontrib, when installed, only affects a single database. Any external C code is implemented as shared libraries and is loaded on demand. For databases not configured, they won't even see them.

As for security risks, this is the only real issue. The code is not in the main server and so may not have been checked as thoroughly. The pgcrypto module is (AFAIK) just a group of standard algorithms so I'd be surprised if there were any issues there.

One question though, if you are granted filesystem access to the server, there's no reason why you couldn't just get the pgcrypto module in your home directory and load it into the server yourself. I think all you need is superuser access to your database to load untrusted modules...

Hope this helps,

On Thu, Jan 06, 2005 at 01:28:18PM +0000, Andre Felipe Machado wrote:
> Hello,
> My hosting provider is unwilling to install postgresql-contrib package,
> fearing that it will negatively impact other users, break their sites, or
> security flaws and so on.
> Are there any risks involved?
> I need pgcrypto digest function. Is there a "no risk" install procedure?
> If he installs only the pgcrypto, not the whole contrib package, are there
> risks remaining?
> Regards.
> Andre Felipe

--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.