Re: ALTER ROLE/DATABASE RESET ALL versus security

Alvaro Herrera <alvherre@commandprompt.com> writes:
> I have come up with the attached patch.  I haven't tested it fully yet,
> and I need to backport it.  The gist of it is: we can't simply remove
> the pg_db_role_setting tuple, we need to ask GUC to reset the settings
> array, for which it checks superuser-ness on each setting.

I think you still want to have a code path whereby the tuple will be
deleted once the array is empty.  Failing to check that is inefficient
and also exposes clients such as pg_dump to corner case bugs.
        regards, tom lane