On 2006-04-11, Tom Lane <[EMAIL PROTECTED]> wrote: > Andrew - Supernews <[EMAIL PROTECTED]> writes: >> On 2006-04-10, Bruce Momjian <pgman@candle.pha.pa.us> wrote: >>>> [ security ] >>> It actually is the reason I have heard. > >> And it was duly debunked. > > That is the reasoning, and personally I agree with it. You don't leave > sharp objects sitting around if you have no need to have them out. > The availability of plpgsql or other PLs makes for a significant jump > in what a bad guy can do if he gets access to the database,
Example please. Last time this was discussed, the claimed examples were things like running infinite loops as a resource exhaustion attack, which is pretty trivial to do in plain SQL functions or even in plain SQL without functions, and running things like brute-force attacks on password hashes (which also isn't hard using plain SQL functions). -- Andrew, Supernews http://www.supernews.com - individual and corporate NNTP services ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
