Re: [PATCHES] Warning for missing createlang

Peter Eisentraut wrote:

>Tom Lane writes:
>
>  
>
>>There are good security arguments not to have it in the default install,
>>no?
>>    
>>
>
>I think last time the only reason we saw was that dump restoring would be
>difficult.  I don't see any security reasons.
>

That could be overcome by doing a 'drop language' before running your 
restore, couldn't it? Maybe it would also be useful for such cases to 
have a switches on initdb and pg_dump to inhibit creation of the language.

I did see a reference in the archives to a problem with heavy recursion 
as a possible security hole. I guess my answer to that would be that if 
you are worried about it you should drop the language, but I don't see 
this alone as a reason not to install it by default. After all, you 
don't need plpgsql to bring the system to its knees :-)

But maybe there's some other reason my search didn't find.

cheers

andrew