Robert Haas <robertmhaas@gmail.com> writes:
> I guess. If you search pg_temp always then it's pretty much
> impossible to avoid having a security hole, if you use any non-trivial
> SQL. But if you search pg_temp for non-SD only then you'll only have
> a security hole if you assume (presumably without testing) that the
> behavior is the same in that case. If an SD function is calling
> temporary functions they'd best be ones it created, otherwise your
> security is pretty much nonexistent anyway.
In general I don't see a lot of use for calling temp functions that
you don't know are temp functions. So I see nothing much wrong with
having to use the pg_temp. prefix --- and the possibility of security
issues definitely pushes me over the line to being happy with requiring
that.
regards, tom lane