On Wed, Aug 08, 2018 at 10:47:04AM -0400, Tom Lane wrote:
> Isaac Morland <isaac.morland@gmail.com> writes:
> > While I'm asking, does anybody know why this isn't the default, especially
> > for SECURITY DEFINER functions?
>
> It might fix some subset of security issues, but I think that changing
> the default behavior like that would break a bunch of other use-cases.
> It'd be especially surprising for such a thing to apply only to
> SECURITY DEFINER functions.
Some projects consider breaking backwards compatibility to fix security
problems (within reason, and with discussion) to be a fair thing to do.
Already people have to qualify their apps for every release of PG. I
think this problem very much deserves a good solution.
Nico
--