> My gut reaction would be to limit the creation of functions with
> language=internal to superusers, but that wouldn't work as it would
> break CREATE EXTENSION when there are server modules involved.
>
> Maybe all C functions that are able to be used as language=internal
> needs to explicitly check nargs at the top of the function?
Yes, all C functions suffer such potential risk, not only language=internal.
So limit the creation of functions with language=internal is not enough.
Jet
Halo Tech