Обсуждение: Re: Usability, MySQL, Postgresql.org, gborg, contrib,
> -----Original Message----- > From: Andrew Dunstan [mailto:andrew@dunslane.net] > Sent: Tuesday, April 27, 2004 12:55 PM > To: pgsql-hackers@postgresql.org > Subject: Re: [HACKERS] Usability, MySQL, Postgresql.org, > gborg, contrib, > > > Jim C. Nasby wrote: > > > > >I would still argue that if any language should be installed > by default > >it should be plpgsql and not java. As I mentioned, everyone using a > >database already knows SQL; not nearly as many know java. > > > > > > I know both. :-). > > Seriously - I'd like to raise my voice in favor of installing > plpgsql in > template1 by default. I haven't heard any good reason not to > (nor even a > bad reason). I offered the same opinion a while back, and was told that plpgsql is a security hole.
On Tue, Apr 27, 2004 at 01:32:44PM -0700, Dann Corbit wrote: > > From: Andrew Dunstan [mailto:andrew@dunslane.net] > > Seriously - I'd like to raise my voice in favor of installing > > plpgsql in template1 by default. I haven't heard any good reason not > > to (nor even a bad reason). > > I offered the same opinion a while back, and was told that plpgsql is a > security hole. Huh? Maybe we should fix it instead, because it's trusted. -- Alvaro Herrera (<alvherre[a]dcc.uchile.cl>) "Coge la flor que hoy nace alegre, ufana. ¿Quién sabe si nacera otra mañana?"
>>Seriously - I'd like to raise my voice in favor of installing >>plpgsql in >>template1 by default. I haven't heard any good reason not to >>(nor even a >>bad reason). It has to work with older dumps that will try to recreate pl/pgsql themselves explicitly. > I offered the same opinion a while back, and was told that plpgsql is a > security hole. The we can make it not have USAGE privileges to public by default?? Chris
On Wed, 28 Apr 2004, Christopher Kings-Lynne wrote: > >>Seriously - I'd like to raise my voice in favor of installing plpgsql > >>in template1 by default. I haven't heard any good reason not to (nor > >>even a bad reason). > > It has to work with older dumps that will try to recreate pl/pgsql > themselves explicitly. This wouldn't be a problem, though, would it? The dumps don't run inside a transaction so after the failure to create PL/PgSQL because it already exists, the import would continue as before. Jon
Jon Jensen wrote: >On Wed, 28 Apr 2004, Christopher Kings-Lynne wrote: > > > >>>>Seriously - I'd like to raise my voice in favor of installing plpgsql >>>>in template1 by default. I haven't heard any good reason not to (nor >>>>even a bad reason). >>>> >>>> >>It has to work with older dumps that will try to recreate pl/pgsql >>themselves explicitly. >> >> > >This wouldn't be a problem, though, would it? The dumps don't run inside a >transaction so after the failure to create PL/PgSQL because it already >exists, the import would continue as before. > > > We could make it somewhat cleaner by having a flag on pg_dump that allowed/suppressed the language creation for plpgsql. cheers andrew