Simon Riggs wrote:
> I support Andrew's comment, though might reword it to
> "Don't enable anything that gives users programmable features or user
> exits by default".

Users can already define SQL functions by default, which certainly
provides "programmable features". I'm not quite sure what you mean by
"user exits."

I guess I'm missing how pl/pgsql is a fundamentally greater security risk.

> You can't use the builtin encoding functions or non-btree indexes to
> access things you are not supposed to.

How can you use pl/pgsql to "access things you are not supposed to"?

-Neil