Re: Potential security risk associated with function call - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Potential security risk associated with function call
Date
Msg-id CA+Tgmob1YxJW9WVje0ua1UDuack0z2OpmonbooobfmfKZOA+pQ@mail.gmail.com
In response to Re: Potential security risk associated with function call  ("Jet" <zhangchenxi@halodbtech.com>)
List pgsql-hackers
On Tue, Mar 10, 2026 at 10:05 AM Jet <zhangchenxi@halodbtech.com> wrote:
> I don't think it is just for fun. People may prefer to use EXTENSION, but the
> problem is that the EXTENSION may have been written by a person who doesn't have full
> skills with extension development, or even without any coding experience but only
> using AI. Just in the case I notice the problem. AI is doing all the things, and in
> most cases it works well but leaves potential risks. Will the end user really
> study the whole EXTENSION code? I can ensure most of them will not. And AI
> will take over most of the coding work; that is what is happening...

Sure, but what do you propose to do about it? As I have already said,
there's no realistic way for PostgreSQL itself to know what the
correct function definition is.

--
Robert Haas
EDB: http://www.enterprisedb.com


