Stephen Frost <sfrost@snowman.net> writes:
> * Merlin Moncure (mmoncure@gmail.com) wrote:
>> maybe security definer functions should raise a warning for implicit
>> PATH NONE, and possibly even deprecate that behavior and force people
>> to type it out in future (8.4+) releases.
> While I agree that raising a warning makes sense I don't believe it
> should be forced.
A WARNING seems reasonable to me too. I'd just do it on the combination
of SECURITY DEFINER with PATH NONE, regardless of how you typed it
exactly. ALTERing a function into that configuration should draw the
same warning.
regards, tom lane