"David G. Johnston" <david.g.johnston@xxxxxxxxx> writes: > On Thu, Oct 21, 2021 at 6:48 PM Wells Oliver <wells.oliver@xxxxxxxxx> wrote: >> Is there anything out there written about what trusted means? The PG >> community seems pretty trusting :) > It basically means the programming language allows the author of the code > to break out of the server and access the underlying operating system as > the postgres user. Right. If RDS won't give you superuser, they sure as heck won't give you an untrusted PL, because that's an even shorter path to getting access to the underlying system. > I believe this is written in the docs - but I haven't > searched recently. The CREATE LANGUAGE man page defines the flag as <literal>TRUSTED</literal> specifies that the language does not grant access to data that the user would not otherwise have. That's a tighter definition than is of interest here --- for example, a language that only gave you SQL access but let you bypass SQL privilege checks would have to be not-trusted, a conclusion I agree with. In practice though, external PL systems know darn little about SQL. It's their ability to access the underlying OS that makes them problematic. regards, tom lane