Tom Lane wrote:
> Zdenek Kotala <Zdenek.Kotala@Sun.COM> writes:
>> I have a question about what does happen if search path is not defined
>> for SECURITY DEFINER function. My expectation is that SECURITY DEFINER
>> function should defined empty search patch in this case.
>
> Your expectation is incorrect. We are not in the business of breaking
> every application in sight, which is what that would do.
Oh. I see. In this point of view I suggest to add some warning about
potential security issue if SECURITY DEFINER function will create
without preset search_path. I'm aware that a lot of developer forget to
modify their application.
Zdenek