Re: Including PL/PgSQL by default
| From | Tom Lane |
|---|---|
| Subject | Re: Including PL/PgSQL by default |
| Date | |
| Msg-id | 3057.1203572403@sss.pgh.pa.us |
| In response to | Re: Including PL/PgSQL by default ("Greg Sabino Mullane" <greg@turnstep.com>) |
| Responses | Re: Including PL/PgSQL by default |
| List | pgsql-hackers |

"Greg Sabino Mullane" <greg@turnstep.com> writes:
> I'm not sure I understand the security implications of turning plpgsql on:
> have there been some security concerns in the past? Does having access
> to plpgsql really facilitate an attacker that much above what they might
> already be capable of without it? It seems quite trivial to write a
> function in sql that ties up resources just as effectively as plpgsql.

I grow weary of repeating this: it's not about resource consumption, nor
about potential security holes in plpgsql itself. It's about handing
attackers the capability to further exploit *other* security holes.

regards, tom lane