Albe Laurenz <> writes:
> Tom Lane wrote:
>> I believe the reason for forcing pg_temp to the back of the path is to
>> prevent unqualified table names from being captured by pg_temp entries.
>> This risk exists despite the rule against searching pg_temp for functions
>> or operators.  A maliciously named temp table could at least prevent
>> a security definer function from doing what it was supposed to, and
>> could probably hijack control entirely via triggers or rules.
>> Possibly the documentation should be more explicit about why this is
>> being done, but the example code is good as-is.

> Maybe something like the attached would keep people like me from
> misunderstanding this.

I rewrote this a bit and pushed it.  Thanks for the suggestion!;a=commitdiff;h=ce150e7e0fc1a127fee7933d71f4204a79ecce04

                        regards, tom lane

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to