On Sat, Feb 25, 2006 at 06:36:19PM -0300, Alvaro Herrera wrote:
> I'm not sure it's an issue now that we have pg_pltemplate, but in older
> versions it's possible to create a language without setting a validator.
> This would make the validator an unsuitable place for checking the
> restrictions.
Hrm. I think this would only be an issue in PL/Py is if the user had the ability
to alter probin. The handler will never directly execute code in prosrc; it
relies on a validator to fill in probin.
Whether a regular user could take advantage of this or not, I'm not sure as I
have yet to test it or to give it much thought.
--
Regards, James William Pye