Robert Haas <robertmhaas@gmail.com> writes:
> The other danger here is - what exactly do you mean by "no command has
> been able to run between the user command and our lookup"? Because
> you can do stupid things with functions like set_config(). This would
> only be safe if no user-provided expressions can possibly get
> evaluated between point A and point B, and that strikes me as the sort
> of thing that could easily be false unless this is all done VERY close
> to the start of processing.
To me, the largest single risk of the whole event triggers feature is
precisely that it will result in random user-provided code getting
executed in fairly random places, thus breaking assumptions of this type
that may be hard or impossible to fix. But given that allowing that
is more or less exactly the point of the feature, I'm not sure why
you're blaming the patch for it. It should have been rejected on day
one if you're not willing to have that type of risk.
regards, tom lane
