Andrew Dunstan <andrew@dunslane.net> writes:
> I did see a reference in the archives to a problem with heavy recursion
> as a possible security hole. I guess my answer to that would be that if
> you are worried about it you should drop the language, but I don't see
> this alone as a reason not to install it by default. After all, you
> don't need plpgsql to bring the system to its knees :-)
Yeah, now that we allow recursion in SQL functions, you don't need a PL
language to overflow the stack. So that particular argument is seeming
a bit weak. Were there any other security arguments against making
plpgsql standard?
Inability to load existing pg_dump archives might be a bigger objection.
However, we could fix that if pg_restore were modified to not stop dead
in its tracks upon encountering an error. IMHO that was a wrong choice
from the beginning ... pg_dump scripts don't act that way, and
pg_restore should not either.
regards, tom lane