Tom Lane wrote:
> In the end it's only one small component of security, but any security
> expert will tell you that you take all the layers of security that you
> can get. If you don't need a given bit of functionality, it shouldn't
> get installed.
>
I think any security expert would say that if let non trustworthy people get so far as to
create their own SQL statements, you're in big trouble. Plpgsql or not. I fail to see what
the real issue is here. Your argument is analog to saying "don't install bash on a Linux
system by default. People might do bad things with it".
Regards,
Thomas Hallgren