Glad you brought this problem up for discussion; something should be done to improve the situation.

Personally, as I really dislike search_path and consider using it an anti-pattern, I would rather prefer a GUC to hard-code search_path to a constant default value of just ‘public’ that cannot be changed by anyone or any function. Trying to change it to a different value would raise an exception.

This would work for me since I always fully-qualify all objects except the ones in public.

/Joel

On Thu, May 27, 2021, at 13:23, Marko Tiikkaja wrote:
> Hi,
>
> Since writing SECURITY DEFINER functions securely requires annoying
> incantations[1], wouldn't it be nice if we provided a way for the superuser
> to override the default search path via a GUC in postgresql.conf? That way
> you can set search_path if you want to override the default, but if you leave
> it out you're not vulnerable, assuming security_definer_search_path only
> contains secure schemas.
>
>
> .m

Kind regards,

Joel
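For readers following the thread, an added example (not part of either message and not PostgreSQL project code) of the per-function setting the quoted message refers to: a SECURITY DEFINER function without and with a pinned search_path. It goes one step beyond the thread by adding a catalog query that lists functions missing the setting. The schema, table, role and function names are hypothetical.

```sql
-- Constructed example; all object and role names are hypothetical.
CREATE ROLE app_user;
CREATE SCHEMA app;
CREATE TABLE app.members (username text PRIMARY KEY);

-- Weak: no search_path is pinned, so the unqualified name "members" (and
-- any unqualified function or operator) is resolved through whatever
-- search_path the calling session has, while running with owner rights.
CREATE FUNCTION app.is_member_weak(u text) RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER
AS $$
BEGIN
    RETURN EXISTS (SELECT 1 FROM members WHERE username = u);
END
$$;

-- Hardened: the path is fixed for the duration of the call. pg_temp is
-- listed last explicitly, because otherwise the temporary schema is
-- searched first. Default PUBLIC execute is replaced by an explicit grant,
-- inside one transaction so the function is never briefly open to all.
BEGIN;
CREATE FUNCTION app.is_member(u text) RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
BEGIN
    RETURN EXISTS (SELECT 1 FROM members WHERE username = u);
END
$$;
REVOKE ALL ON FUNCTION app.is_member(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.is_member(text) TO app_user;
COMMIT;

-- Audit: SECURITY DEFINER functions with no search_path entry in
-- pg_proc.proconfig. Here it reports app.is_member_weak(text) only.
SELECT p.oid::regprocedure AS function,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS c
        WHERE left(c, 12) = 'search_path='
      )
ORDER BY 1;
```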