Tom Lane wrote:
> In the end it's only one small component of security, but any security
> expert will tell you that you take all the layers of security that you
> can get. If you don't need a given bit of functionality, it shouldn't
> get installed.

I think any security expert would say that if you let non-trustworthy people get so far as to
create their own SQL statements, you're in big trouble. Plpgsql or not. I fail to see what
the real issue is here. Your argument is analogous to saying "don't install bash on a Linux
system by default. People might do bad things with it".
Regards,
Thomas Hallgren