* Tom Lane ([EMAIL PROTECTED]) wrote: > Stephen Frost <[EMAIL PROTECTED]> writes: > > * Tom Lane ([EMAIL PROTECTED]) wrote: > >> An admin who is concerned about this can revoke public access on the > >> functions for himself ... but should that be the default out-of-the-box > >> configuration? I feel more comfortable with saying "you have to turn > >> on this potentially-dangerous feature" than with saying you have to turn > >> it off. > > > I agree with having it turned off by default, at least in 8.2. > > Do we have a consensus to do this for 8.2? Or are we going to leave it > as is? Those are the only two realistic short-term options ...
I'm still of the opinion it'd be better disabled by default, but it
seems that the majority is going the other way. I guess in the end I'd
like to see most of these patched up in such a way that a given user
would be reasonably limited in their ability to DoS the server. That's
not going to happen today though.
Thanks,
Stephen
signature.asc
Description: Digital signature
