Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them

On Thu, Jun 5, 2025 at 7:24 PM Feike Steenbergen
<feikesteenbergen@gmail.com> wrote:
>
> On Thu, 5 Jun 2025 at 12:49, Peter Eisentraut <peter@eisentraut.org> wrote:
> > I propose to address this by not allowing the use of user-defined
> > functions in generation expressions for now.  The attached patch
> > implements this.  This assumes that all built-in functions are
> > trustworthy, for this purpose, which seems likely true and likely desirable.
> >
> > I think the feature is still useful like that, and this approach
> > provides a path to add new functionality in the future that grows this
> > set of allowed functions, for example by allowing some configurable set
> > of "trusted" functions or whatever.
>
> +1
>
> I really like this feature and it would be great if it gets into
> pg18, even with some restrictions,
>

+1. I think even though the use of only builtins limits the usage of
this feature, it can still be useful for cases like String
manipulations (e.g., UPPER(name)), Date/time calculations (e.g.,
age(birthdate)), Mathematical transformations (e.g., price *
tax_rate), Computed timestamps (with use of date), JSON field
extraction, etc.

Allowing UDFs with some safety definition can be done in future releases.

--
With Regards,
Amit Kapila.