* Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost <sfr...@snowman.net> writes: > > * Petr Jelinek (p...@2ndquadrant.com) wrote: > >> Yeah it will, mainly because extensions can load modules and can > >> have untrusted functions, we might want to limit which extensions > >> are possible to create without being superuser. > > > The extension has to be available on the filesystem before it can be > > created, of course. I'm not against providing some kind of whitelist or > > similar which a superuser could control.. That's similar to how PLs > > work wrt pltemplate, no? > > The existing behavior is "you can create an extension if you can execute > all the commands contained in its script". I'm not sure that messing > with that rule is a good idea; in any case it seems well out of scope > for this patch.
Right, that's the normal rule. I still like the idea of letting
non-superusers create "safe" extensions, but I completely agree- beyond
the scope of this patch (as I noted in my initial post).
Thanks!
Stephen
signature.asc
Description: Digital signature
