Hi, On 2018-12-08 17:10:27 -0300, Alvaro Herrera wrote: > On 2018-Dec-07, Andres Freund wrote: > > > I think it could partially be addressed by not allowing to set it on the > > commandline, server config, etc. So the user would have to set it on a > > per-connection basis, potentially via the connection string. > > This is what patch 0001 does -- it's only allowed in the connection > string, or on ALTER USER / ALTER DATABASE. Setting it in > postgresql.conf is forbidden, as well as changing from transaction to > statement in SET (the opposite is allowed, though.)
I don't think allowing to set it on a per-user basis is acceptable either, it still leaves the client in a state where they'll potentially be confused about it. Do you have a proposal to address the issue that this makes it just about impossible to write UDFs in a safe way? Greetings, Andres Freund
