Robert Haas <robertmh...@gmail.com> writes: > The other danger here is - what exactly do you mean by "no command has > been able to run between the user command and our lookup"? Because > you can do stupid things with functions like set_config(). This would > only be safe if no user-provided expressions can possibly get > evaluated between point A and point B, and that strikes me as the sort > of thing that could easily be false unless this is all done VERY close > to the start of processing.
To me, the largest single risk of the whole event triggers feature is precisely that it will result in random user-provided code getting executed in fairly random places, thus breaking assumptions of this type that may be hard or impossible to fix. But given that allowing that is more or less exactly the point of the feature, I'm not sure why you're blaming the patch for it. It should have been rejected on day one if you're not willing to have that type of risk. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers