Kris Jurka <[EMAIL PROTECTED]> writes:
> On Wed, 30 Jul 2008, Alvaro Herrera wrote:
>> I do agree that creating base types should require a superuser though.
>> It too seems dangerous just on principle, even if today there's no
>> actual hole (that we already know of).
> pl/java already allows non-superusers to create functions returning
> cstring and base types built off of these functions.
So in other words, if pl/java is installed we have a security hole
a mile wide.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
