Heikki Linnakangas <heikki.linnakan...@enterprisedb.com> writes: > We have two options:
> 1. Make pg_get_expr() handle arbitrary (possibly even malicious) input > gracefully. > 2. Restrict pg_get_expr() to superusers only. I think #1 is a fool's errand. There is far too much structure to a node tree that is outside the scope of what readfuncs.c is capable of understanding. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers