Bill Moran <wmoran@xxxxxxxxxxxxxxxxxxxxxxx> writes: > What I'm _asking_ is why would extending SECURITY DEFINER to include > preventing unauthorized users from viewing code _not_ be a valid method > of securing the code. Because it's so full of obvious loopholes. Yes, it might slow down someone who didn't have superuser access to the database or root access to the machine it's on; but that doesn't count as secure really. The problem is that the people who ask for this type of feature are usually imagining that they can put their code on customer-controlled machines and it will be safe from the customer's eyes. Well, it isn't, and I don't think Postgres should encourage them to think it is. regards, tom lane
