"Tom Lane" <[EMAIL PROTECTED]> writes: > I thought about ways to include GUC settings directly into CREATE > FUNCTION, but it seemed pretty ugly and inconsistent with the > existing syntax. So I'm thinking of supporting only the above > syntaxes, meaning it'll take at least two commands to create a secure > SECURITY DEFINER function.
I think security definer functions should automatically inherit their search_path. The whole "secure by default" thing. It might be best to have a guc variable which controls the variables which are automatically saved. regexp_flavour and maybe a handful of others could be in it by default. But that might depend on how expensive it is at run-time. I wouldn't want trivial SQL functions to no longer be inline-able because one might one day use a regexp for example. -- Gregory Stark EnterpriseDB http://www.enterprisedb.com ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
