Re: pl/pgsql enabled by default

Andrew Sullivan wrote:
> Sure it is.  "Don't enable anything you don't need," is the first
> security rule.  Everything is turned off by default.  If you want it,
> enable it.

So would you have us disable all the non-essential builtin functions? 
(Many of which have has security problems in the past.) What about the 
builtin encoding conversions, non-btree indexes, or a myriad of features 
that not all users need or use?

What makes sense for the default configuration of an operating system 
(which by nature must be hardened against attack) does not necessarily 
make sense for a database system.

-Neil