Kris Jurka <bo...@ejurka.com> writes: > On Wed, 9 Jun 2010, Heikki Linnakangas wrote: >> Are you thinking we should retrict pg_get_expr() to superusers then?
> That seems like it will cause problems for both pg_dump and drivers which > want to return metadata as pg_get_expr has been the recommended way of > fetching this information. Yes, it's not a trivial fix either. We'll have to provide functions or views that replace the current usages without letting the user insert untrusted strings. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers