Re: Potential security risk associated with function call

> Correct. This is expected behaviour: the "internal" and "c" languages
> are not 'trusted' languages, and therefore only superusers can create
> functions using these languages. 
Yes, you're right, only superusers can create "in.ternal" and "c" languages

> It is the explicit responsibility of
> the superuser to make sure the functions they create using untrusted
> languages are correct and execute safely when called by PostgreSQL.
But the question is how can a superuser know the "internal" and "c" functions
implementation details? He will not know whether the code has !PG_ARGISNULL(...),
and create a harmful function accidentally...

Jet
Halo Tech