Peter Eisentraut wrote: > Bruce Momjian wrote: > > I think the issue was that adding these fuctions adds a potential > > security opening, so we didn't want it in core by default, but > > /contrib seems logical because anyone who needs it can just add it. > > Well, if there are security issues, then this is a poor fix. A lot of > people use pgAdmin, many of them less experienced with PostgreSQL, so > before long all of these functions are going to be installed at many > sites anyway. If there are _security_ issues, they need to be fixed > before things go into contrib.
The logic is why add functionality by default that can be used as a potential security hole if you are not using it. > > This is similar to the fact we don't include plpgsql by default in > > databases, for the same reason, > > I doubt that that is really the reason. It actually is the reason I have heard. -- Bruce Momjian http://candle.pha.pa.us EnterpriseDB http://www.enterprisedb.com + If your life is a hard drive, Christ can be your backup. + ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings
