Tom Lane wrote:
> Andrew Dunstan <andrew@dunslane.net> writes:
>
>> For example, since we don't support temp functions, we should probably
>> ban the creation of functions in temp schemas (which I found was possible).
>>
>
> What for? If you don't want someone to use a language, you should
> either revoke his USAGE privilege on that language, or remove it
> from his database altogether.
>
Good point. Actually, this has made me rethink the whole proposal.
Things could get quite sticky if we have initdb put plpgsql in
template1. The language would be owned by the superuser, not the db
owner, and so the db owner would not be able to control usage on it. And
if we withdrew usage on it from public in template1 the db owner
wouldn't even be able to use the language.
So on reflection I'm now inclined to say we should not change what we
are now doing, which is simply to allow the db owner to install and
control access to the language. Perhaps there is a case for removing
public usage from the default ACL for languages, or at least for
installable PLs, but I suspect that would just break huge numbers of
apps, unless we had some sort of grandfather clause.
cheers
andrew