Hi Ashutosh, Apologies for any confusion, but I'm not entirely following your > explanation. Could you kindly provide further clarification? > Additionally, would you mind reviewing the problem description > outlined in the initial email? >
I know about the problem and have seen the original email. What confused me, is that your email didn't specify that SET SEARCH_PATH in the CREATE EXTENSION is a boolean flag, hence I made an assumption that it is a TEXT (similar to GUC with the same name). Now after looking at your code it makes more sense. Sorry about the confusion. But, I also agree with Jelte, it should be a property of a control file, rather than a user controlled parameter, so that an attacker can't opt out. Regards, -- Alexander Kukushkin
