Re: pl/pgsql enabled by default

Neil Conway wrote:
> Andrew Sullivan wrote:
>> This is not really analogous, because those are already on
> Security (in the limited sense of "disabling features by default") is 
> not free; there is a tradeoff between security and convenience, security 
> and administrative simplicity, and so on. Given that I have yet to see a 
> single substantive argument for pl/pgsql being a security risk that has 
> withstood any scrutiny, I don't see that the "security" side of the 
> tradeoff has a lot of merit.

People who use views to achieve row security, which is a rather common 
paradigm, cannot allow users to create functions with side effects.

Mike Mascari