-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 21 Feb 2008 17:34:06 -0000 "Greg Sabino Mullane" <[EMAIL PROTECTED]> wrote:
> There are so many simple ways to "do bad things" /without/ plpgsql, I > just don't see how the theoretical harm in it being used as an attack > vector even comes close to the benefits of having it installed by > default. > Exactly, once a hacker has access all bets are off. This "theorectical" implication of badness isn't helpful without some level of practical application. It is so easy to DOS or DELETE a postgresql database if it were compromised that adding plpgsql is hardly a consideration with that argument. Sincerely, Joshua D. Drake - -- The PostgreSQL Company since 1997: http://www.commandprompt.com/ PostgreSQL Community Conference: http://www.postgresqlconference.org/ Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate PostgreSQL SPI Liaison | SPI Director | PostgreSQL political pundit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHvbsXATb/zqfZUUQRAvW0AKCnr6I7lXqJXV9v3hCVgShp06w4lwCePaCx xWL/HvG0IGyztE0pzXJ7/kc= =h9tg -----END PGP SIGNATURE----- ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org