Tom Lane wrote: > Albe Laurenz <laurenz.a...@wien.gv.at> writes: >> I just noticed that the documentation for CREATE FUNCTION still mentions >> that the temporary namespace is searched for functions even though that >> has been removed with commit aa27977. > > The example you propose to correct was introduced by that same commit, > which should make you think twice about whether it really was invalidated > by that commit.
Yes, I wondered about that. > I believe the reason for forcing pg_temp to the back of the path is to > prevent unqualified table names from being captured by pg_temp entries. > This risk exists despite the rule against searching pg_temp for functions > or operators. A maliciously named temp table could at least prevent > a security definer function from doing what it was supposed to, and > could probably hijack control entirely via triggers or rules. > > Possibly the documentation should be more explicit about why this is > being done, but the example code is good as-is. Maybe something like the attached would keep people like me from misunderstanding this. Yours, Laurenz Albe
-- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers