Simon Riggs <si...@2ndquadrant.com> writes: > [ good general plan ]
> 3. Make a list of all functions that would cause security problems. > One by one, precisely. If we did remove all superuser checks we would > need this list documented to advise people of the risks, so it must > exist before any commit can be made, assuming we believe in > documentation. Notice that I am after risk documentation, Yeah, I think documentation is the crux of the issue. If there is some non-obvious reason why letting somebody use pg_ls_dir() is more of a security hazard than it appears on the surface, the answer is to document that so DBAs can decide for themselves whether to take the risk. Count me +1 for removing hard-wired superuser checks, but carefully and with an overall plan. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers