Re: Including PL/PgSQL by default

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 21 Feb 2008 17:34:06 -0000
"Greg Sabino Mullane" <greg@turnstep.com> wrote:

> There are so many simple ways to "do bad things" /without/ plpgsql, I
> just don't see how the theoretical harm in it being used as an attack
> vector even comes close to the benefits of having it installed by
> default.
> 

Exactly, once a hacker has access all bets are off. This "theorectical"
implication of badness isn't helpful without some level of practical
application. It is so easy to DOS or DELETE a postgresql database if it
were compromised that adding plpgsql is hardly a consideration with that
argument.

Sincerely,

Joshua D. Drake
- -- 
The PostgreSQL Company since 1997: http://www.commandprompt.com/ 
PostgreSQL Community Conference: http://www.postgresqlconference.org/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL SPI Liaison | SPI Director |  PostgreSQL political pundit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHvbsXATb/zqfZUUQRAvW0AKCnr6I7lXqJXV9v3hCVgShp06w4lwCePaCx
xWL/HvG0IGyztE0pzXJ7/kc=
=h9tg
-----END PGP SIGNATURE-----