Tom Lane wrote:
> This is actually in direct contradiction to the original intent of the
> plugins/ subdirectory, which was that it only contain libraries that the
> local administrator had decided to consider safe and put there manually.
> Since the normal superuser-only restrictions for library loading are
> bypassed for stuff in plugins/, there's a nontrivial risk of security
> problems if stuff just gets put there willy-nilly.
By what process or criteria is a local administrator supposed to
evaluate whether a module is safe? (I could make up one, but does one
exist now?)
Moreover, this mechanism appears to be pretty evil towards packaging
systems. You don't really want to make administrators move files around
that are under package manager control. A system table or variable that
lists safe modules would be friendlier, iff you really want to have this
under local administrator control.