On Tue, Oct 19, 2004 at 08:47:20AM -0400, Andrew Dunstan wrote: > But maybe we can just live with what we have and advertise that 8.0's > plperl is more secure.
The release notes should point out that 7.4's plperl is unsecure unless the correct version of Safe.pm is installed. Maybe it works to make it croak if an unsafe version of Safe.pm is found? I'm not sure about "living with" known security vulnerabilities. What about ISPs which give Pg hosting with plperl installed? They surely will want to know about this. -- Alvaro Herrera (<alvherre[a]dcc.uchile.cl>) One man's impedance mismatch is another man's layer of abstraction. (Lincoln Yeoh) ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
