> On Nov 7, 2022, at 17:24, Jan Bilek <jan.bilek@xxxxxxxxxxxxx> wrote: > Would there be any way to go around this? The typical configuration is to not permit the PostgreSQL superuser to log in remotely. The database can be managed by a different, non-superuser role, including schema migrations. > CREATE OR REPLACE LANGUAGE plpython3u; > HINT: Must be superuser to create this extension. The reason only a superuser can create this extension is the "u" at the end of the name: It is an untrusted PL that can bypass PostgreSQL's role system. If anyone could create functions in it, anyone could bypass roles.
