Alexander Petrossian <alexander.petrossian@xxxxxxxxx> writes: > 25 сент. 2023 г., в 17:28, Tom Lane <tgl@xxxxxxxxxxxxx> написал(а): >> you’d have a big problem with being able to change the behavior of >> security-definer functions. > Could you please elaborate on this, Tom? pldebugger allows you to change the contents of a function's local variables. Obviously the threat level would depend a lot on the details of the particular function, but it's not hard to envision cases where that would be enough to make the function do something other than what it was supposed to. regards, tom lane
