On Thu, Oct 21, 2010 at 12:47 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Josh Kupershmidt <schmi...@gmail.com> writes: >> pg_temp is being implicitly included in the default search path when >> looking for tables, but not for functions. Is there a reason for this >> difference? > > Yes. They used to be the same, but awhile back we decided it was a > security hole to look for functions or operators in the implicit temp > schema. It makes it too easy for someone to substitute a trojan-horse > function that will be picked up in preference to whatever's in the > normal search path. See CVE-2007-2138. > > If you actually do want to define and call temporary functions, you > can include "pg_temp" in the search path explicitly, or perhaps better, > explicitly qualify the intentional calls with pg_temp.
Thanks, thought it might be something like that. Josh -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
