Re: Additional role attributes && superuser review

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > * Petr Jelinek (petr@2ndquadrant.com) wrote:
> >> Yeah it will, mainly because extensions can load modules and can
> >> have untrusted functions, we might want to limit which extensions
> >> are possible to create without being superuser.
>
> > The extension has to be available on the filesystem before it can be
> > created, of course.  I'm not against providing some kind of whitelist or
> > similar which a superuser could control..  That's similar to how PLs
> > work wrt pltemplate, no?
>
> The existing behavior is "you can create an extension if you can execute
> all the commands contained in its script".  I'm not sure that messing
> with that rule is a good idea; in any case it seems well out of scope
> for this patch.

Right, that's the normal rule.  I still like the idea of letting
non-superusers create "safe" extensions, but I completely agree- beyond
the scope of this patch (as I noted in my initial post).
Thanks!
    Stephen