Bryn Llewellyn <bryn@xxxxxxxxxxxx> writes: > Thanks, all, for your replies. I'd assumed that the arguments of "set search_path" had to be SQL names. so I tried "". But that caused an error. I didn't try the ordinary empty string because I'd assumed that, as an illegal SQL name, it would be illegal in "set search_path". Hmm... search_path's value is not a SQL name. It's a list of SQL names wrapped in a string ... and the list can be empty. A bit off topic: I'm not sure how you came to the conclusion that superusers can't write into pg_catalog. They can. But I don't see much point in being paranoid about whether the contents of pg_catalog are trustworthy. If an adversary has already obtained superuser privileges, he needn't bother with anything as complicated as trojan-horsing something you might call later. regards, tom lane
