Re: plpgsql by default
От | Neil Conway |
---|---|
Тема | Re: plpgsql by default |
Дата | |
Msg-id | 1144794633.8825.43.camel@localhost.localdomain обсуждение исходный текст |
Ответ на | Re: plpgsql by default (Tom Lane <tgl@sss.pgh.pa.us>) |
Ответы |
Re: plpgsql by default
Re: plpgsql by default Re: plpgsql by default |
Список | pgsql-hackers |
On Tue, 2006-04-11 at 17:20 -0400, Tom Lane wrote: > No, I'm saying that having access to a PL renders certain classes of > attacks significantly more efficient. A determined attacker with > unlimited time may not care, but in the real world, security is > relative. That's a fair point. Perhaps a compromise would be to enable pl/pgsql by default, but not grant the USAGE privilege on it. This would allow superusers to define pl/pgsql functions without taking any additional steps. Non-superusers could be given access to pl/pgsql via a simple GRANT -- either for all users via GRANT TO PUBLIC, or on a more granular basis as desired. This would lower the barrier to using pl/pgsql by a fairly significant margin, but not cause any additional security exposure that I can see. -Neil
В списке pgsql-hackers по дате отправления: