Peter Eisentraut wrote:
>Tom Lane writes:
>
>
>
>>There are good security arguments not to have it in the default install,
>>no?
>>
>>
>
>I think last time the only reason we saw was that dump restoring would be
>difficult. I don't see any security reasons.
>
That could be overcome by doing a 'drop language' before running your
restore, couldn't it? Maybe it would also be useful for such cases to
have a switches on initdb and pg_dump to inhibit creation of the language.
I did see a reference in the archives to a problem with heavy recursion
as a possible security hole. I guess my answer to that would be that if
you are worried about it you should drop the language, but I don't see
this alone as a reason not to install it by default. After all, you
don't need plpgsql to bring the system to its knees :-)
But maybe there's some other reason my search didn't find.
cheers
andrew