Neil Conway wrote:
Andrew Sullivan wrote:
This is not really analogous, because those are already on
Security (in the limited sense of "disabling features by default") is not free; there is a tradeoff between security and convenience, security and administrative simplicity, and so on. Given that I have yet to see a single substantive argument for pl/pgsql being a security risk that has withstood any scrutiny, I don't see that the "security" side of the tradeoff has a lot of merit.

People who use views to achieve row security, which is a rather common paradigm, cannot allow users to create functions with side effects.


Mike Mascari
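
The concern raised in the reply above, as an added example that is not part of the original thread: a view used for row security, a user-created function with a side effect that can observe rows the view filters out, and the hardened `security_barrier` form of the view available in PostgreSQL 9.2 and later. The table, view, and function names are constructed for illustration.

```sql
-- Constructed schema: names and data are illustrative, not from the thread.
CREATE TABLE accounts (owner text, balance numeric);
INSERT INTO accounts VALUES ('alice', 100), ('bob', 2500);

-- Row security by view: each user is meant to see only the rows they own.
CREATE VIEW my_accounts AS
    SELECT owner, balance FROM accounts WHERE owner = current_user;
GRANT SELECT ON my_accounts TO PUBLIC;

-- A function with a side effect, of the kind an ordinary user can create
-- when pl/pgsql is available. The very low COST makes the planner prefer
-- to evaluate it before the view's own WHERE clause.
CREATE FUNCTION peek(text, numeric) RETURNS boolean AS $$
BEGIN
    RAISE NOTICE 'row seen: % %', $1, $2;
    RETURN true;
END;
$$ LANGUAGE plpgsql COST 0.0000001;

-- Run as alice against the plain view: the result set contains only
-- alice's row, but the NOTICE can also fire for bob's row, because the
-- caller's qualifier is pushed down into the scan of accounts.
SELECT * FROM my_accounts WHERE peek(owner, balance);

-- Hardened form: a security_barrier view applies its own WHERE clause
-- before any caller-supplied qualifier that is not marked LEAKPROOF.
ALTER VIEW my_accounts SET (security_barrier = true);

-- Same query as alice: peek() is now called only for rows that have
-- already passed owner = current_user.
SELECT * FROM my_accounts WHERE peek(owner, balance);

-- Audit check: list views in the current database that lack the option.
SELECT c.oid::regclass AS view_name
FROM pg_class c
WHERE c.relkind = 'v'
  AND c.relnamespace NOT IN ('pg_catalog'::regnamespace,
                             'information_schema'::regnamespace)
  AND NOT coalesce(c.reloptions @> ARRAY['security_barrier=true'], false);
```

The barrier prevents the planner from pushing non-leakproof qualifiers below the view's filter, at some cost in plan quality; row-level security policies on the base table are the other built-in option in later releases.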
