"Pavel Stehule" <pavel.stehule@hotmail.com> writes:
> SQL/PSM default for SQL procedures are SECURITY DEFINER (like views), but
> PostgreSQL default is SECURITY CALLLER. Is acceptable to define security
> flag in dependency to used language?
I'd vote no, even if Peter is wrong and you're right about what the spec
says. A PL gets to set the rules within its function body, not outside.
Next you'll be telling us that the standard requires that the CREATE
FUNCTION not use a dollar-quoted function body ... to which the answer
will be "too bad". I think the principle of least surprise dictates
that security properties shouldn't be inconsistent across PLs.
regards, tom lane