> On 9 Jan 2020, at 22:38, Andrew Dunstan <andrew.duns...@2ndquadrant.com> > wrote:
> I'm not (yet) > convinced that there is any significant security threat here. This > doesn't give the user or indeed any postgres code any access to the > contents of these files. But if there is a consensus to restrict this > I'll do it. I've seen successful exploits made from parts that I in my wildest imagination couldn't think be useful, so FWIW +1 for adding belts to suspenders and restricting this. cheers ./daniel
