"Joe Conway" <[EMAIL PROTECTED]> writes:

> Stephen Frost wrote:
>
>> I see.. So all the functions in untrusted languages that come with PG
>> initially should be checked over by every sysadmin when installing PG
>> every time... And the same for PostGIS, and all of the PL's that use
>> untrusted languages?
>
> There are none installed by default -- that's the point.

That's not a scalable approach. If you treat the mere installation of a package as potentially making significant changes to the security model then it makes a joke of our whole security infrastructure. We could just have said you shouldn't create functions that you don't want public to have access to.

He has a point too. If a sysadmin has to audit the security implications of every package when installing it that makes installing PostGIS a pretty daunting task.

If on the other hand packages make the promise that they don't change the security model by merely being installed then programmers or dependent modules can request packages and dbas can be confident that installing them won't introduce security holes. Isn't that a property software should have even if it's just an add-on module?

--
Gregory Stark
EnterpriseDB
http://www.enterprisedb.com