Re: pl/pgsql enabled by default

Mike,

> I think most people coming from any other enterprise-class RDBMS
> environment will be surprised that they cannot use VIEWs to provide
> user-specific views on data. I could be wrong, but I'd put money on it...

Well, I'd say that giving regular users the "create" permission on your 
database/schema is unwise, period.   I don't, even when the only user is 
"phpuser".  SQL injections attacks are no fun.

Also, as Andrew points out, this can't be used to circumvent view-based 
security if you've set it up correctly; if the user can't "select * from 
table", then he can't write a function to "select * from table."  

-- 
Josh Berkus
Aglio Database Solutions
San Francisco