Bruno Wolff III <bruno@wolff.to> writes:
> When I try to grant usage on language c in 7.3b1 I get an error message
> saying I can't because the language isn't trusted. Is this different in b2?
No.
> I can see using whether or not a language is trusted to set defaults,
> but now that access can be controlled it would be useful to grant
> access to load c functions to users that are trusted.
There is no point at all in providing shades of access to untrusted
languages. A user who can define his own C functions is God: he can
use the functions to bypass any security restrictions you may think
you have on him. So it's useless to say that any privilege state
less than superuser-dom is appropriate for creating C functions.
later ...
> The risk is that the admins have to realize that granting access to
> untrusted languages is giving away the keys to the castle.
Equating it to superuser status seems an effective way of reminding
them of that.
regards, tom lane
