Albe Laurenz <laurenz.a...@wien.gv.at> writes:
> Tom Lane wrote:
>> I believe the reason for forcing pg_temp to the back of the path is to
>> prevent unqualified table names from being captured by pg_temp entries.
>> This risk exists despite the rule against searching pg_temp for functions
>> or operators.  A maliciously named temp table could at least prevent
>> a security definer function from doing what it was supposed to, and
>> could probably hijack control entirely via triggers or rules.
>>
>> Possibly the documentation should be more explicit about why this is
>> being done, but the example code is good as-is.
>
> Maybe something like the attached would keep people like me from
> misunderstanding this.

I rewrote this a bit and pushed it.  Thanks for the suggestion!

https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=ce150e7e0fc1a127fee7933d71f4204a79ecce04

			regards, tom lane
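The following is an added example, not part of the thread or of the commit linked above. It shows a SECURITY DEFINER function that pins its search_path with pg_temp written explicitly last, as discussed in the quoted text, followed by a catalog query that lists SECURITY DEFINER functions lacking such a setting. The schema `app`, the table `app.accounts` and the function `app.account_exists` are hypothetical names.

```sql
-- Hypothetical schema and table, used only for illustration.
CREATE SCHEMA IF NOT EXISTS app;
CREATE TABLE IF NOT EXISTS app.accounts (username text PRIMARY KEY);

-- Hardened form: the trusted schema comes first and pg_temp is named
-- explicitly at the end, so the unqualified name "accounts" resolves to
-- app.accounts before any temporary table of the same name is considered.
CREATE OR REPLACE FUNCTION app.account_exists(uname text)
RETURNS boolean
LANGUAGE sql
SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
    SELECT EXISTS (SELECT 1 FROM accounts WHERE username = uname);
$$;

-- Audit: SECURITY DEFINER functions that either have no per-function
-- search_path setting or whose setting does not end with pg_temp.
-- proconfig stores entries such as 'search_path=app, pg_temp'.
SELECT n.nspname                                 AS schema_name,
       p.proname                                 AS function_name,
       pg_get_function_identity_arguments(p.oid) AS arguments,
       cfg.setting                               AS search_path_setting
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
LEFT JOIN LATERAL (
    SELECT c AS setting
    FROM unnest(p.proconfig) AS c
    WHERE c LIKE 'search_path=%'
) cfg ON true
WHERE p.prosecdef
  AND (cfg.setting IS NULL
       OR cfg.setting !~ '(=|,\s*)"?pg_temp"?\s*$')
ORDER BY 1, 2;

-- Remediation for a function reported by the audit (same hypothetical name):
ALTER FUNCTION app.account_exists(text) SET search_path = app, pg_temp;
```

The audit only inspects the function's own configuration; a function that schema-qualifies every object it references is not affected by the issue but will still be listed.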