Heikki Linnakangas <[email protected]> writes:
> We have two options:
> 1. Make pg_get_expr() handle arbitrary (possibly even malicious) input
> gracefully.
> 2. Restrict pg_get_expr() to superusers only.
I think #1 is a fool's errand. There is far too much structure to a
node tree that is outside the scope of what readfuncs.c is capable of
understanding.
regards, tom lane
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
