On Tue, Apr 11, 2006 at 05:20:02PM -0400, Tom Lane wrote: > David Fetter <[EMAIL PROTECTED]> writes: > > I don't get your not getting this 'cause you're a very smart guy. > > Are you under the impression that an attacker will stop because he > > has to try a few times? > > No, I'm saying that having access to a PL renders certain classes of > attacks significantly more efficient. A determined attacker with > unlimited time may not care, but in the real world, security is > relative. You don't have to make yourself an impenetrable target, > only a harder target than the next IP address --- or at least hard > enough that the attacker's likely to get noticed before he's > succeeded. (And certainly, doing anything compute-intensive via > recursive SQL functions is not the way to go unnoticed.) > > In the end it's only one small component of security, but any > security expert will tell you that you take all the layers of > security that you can get. If you don't need a given bit of > functionality, it shouldn't get installed.
As others have mentioned, and I will reiterate here: 1. Anyone who imagines that PL/PgSQL presents a bigger or more vulnerable attack surface can remove it via DROP LANGUAGE. 2. Anybody who wants to do harm inside the database can do it to arbitrary levels of damage in SQL with RULEs, recursive functions, set-returning functions, etc. Cheers, D -- David Fetter <[EMAIL PROTECTED]> http://fetter.org/ phone: +1 415 235 3778 AIM: dfetter666 Skype: davidfetter Remember to vote! ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
