> On Nov 7, 2022, at 17:24, Jan Bilek <jan.bilek@eftlab.com.au> wrote:
> Would there be any way to go around this?
The typical configuration is to not permit the PostgreSQL superuser to log in remotely. The database can be managed by
adifferent, non-superuser role, including schema migrations.
> CREATE OR REPLACE LANGUAGE plpython3u;
> HINT: Must be superuser to create this extension.
The reason only a superuser can create this extension is the "u" at the end of the name: It is an untrusted PL that can
bypassPostgreSQL's role system. If anyone could create functions in it, anyone could bypass roles.