Stephen Frost wrote:
> * Joe Conway ([EMAIL PROTECTED]) wrote:
>> Sure it matters. A function written in a trusted language is known to be
>> safe, a priori. A function written in an untrusted language has no such
>> guarantees, and therefore has to be assumed unsafe unless carefully proved
>> otherwise.
>
> I see.. So all the functions in untrusted languages that come with PG
> initially should be checked over by every sysadmin when installing PG
> every time... And the same for PostGIS, and all of the PL's that use
> untrusted languages?

There are none installed by default -- that's the point.

> On my pretty modest install that's 2,206 functions. For some reason I
> see something of a difference between 'generate_series' and 'dblink' in
> terms of security and which one I'm comfortable having enabled by
> default and which one I'm not.

generate_series is a built in function. We aren't discussing those.

Joe