On Wed, Oct 29, 2014 at 3:31 PM, Stephen Frost <sfr...@snowman.net> wrote: > I still don't particularly like it and, frankly, the limitations we've > come up with thus far are not issues for my use-cases and I'd rather > have them and be able to say "yes, you can use this with some confidence > that it won't trivially bypass the DB security or provide a way to crash > the DB".
I think it *will* trivially bypass the DB security. If trivial means "it can be done by anyone with no work at all", then, OK, it's not trivial. If it means "it can be done by a reasonably skilled engineer without too much trouble", then it's trivial. To call it a security feature, I think the bar needs to be higher than that. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
