"Brad Nicholson" <bradn@ca.ibm.com> writes:
> First, as a long time user of the pgextwlist extension, I'm happy to see
> this functionality appearing in core. However, as a long term user of that
> extension, I can say that ability to create an extension as a non-super
> user is pretty limited in itself in a lot of cases. Many extensions both
> in contrib and external ones (like PostGIS for example) don't give
> appropriate permissions to actually use the extension.
> Taking postgresql_fdw as an example.
I'm confused about your point here. postgresql_fdw has intentionally
*not* been marked trusted. That's partly because it doesn't seem like
outside-the-database access is something we want to allow by default,
but it's also the case that there are inside-the-database permissions
issues. So no, we have not solved those, but that is not a shortcoming
of the trusted-extensions feature AFAICS. It is not the intent of
that feature that you can randomly mark unsafe extensions as trusted
and have every one of their permissions safety-checks vanish.
regards, tom lane
