> I've prototyped this scheme. It seems to work as designed. A client that connects with psql (or any other tool) can list the API functions and whatever \df and \sf show. (notice that \d will reveal nothing.)But doing this reveals only the names of the functions that are called (which will be identical to the jacket names—so no risk here) and the name(s) of the schema(s) where they live (so a minor theoretical risk here). > > Full disclosure: I've never done this in anger.
Try select * from pg_class or select * from pg_attribute or any of the other system catalogs.
Which is exactly what most GUI applications that provide object browsing and viewing are going to use.
