No need to do anything that custom and specific. No need for new syntax either.
SET myapp.appuser = 'joe'
Or use SET LOCAL for xact scoped.
If your attacker gets that far you're kind of screwed anyway.
But that's where something like 'secure variables' or package variables come in. See the mailing list discussion on that topic a couple of months ago.
I do want something similar to this for SET SESSION AUTHORIZATION.
But for most things a secure variable model with a setter function should work better.
Much, much more chance of this.
Surely in that case you have the same problem with something based on new syntax?
I don't see how postgres can do anything about this. PgJDBC maybe. But probably not.
The main part I would like is a generic mechanism to inject the value of a GUC into the logs.
For csvlog, it'd be a list of GUC names, each to be emitted as a separate field if set, or empty field if unset.
For normal log, it'd be available in log_line_prefix as something like
%(myapp.user)g
... or whatever.
I can see this being plenty useful for all sorts of work, and nicely flexible.
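
An added example, not part of the original message: the custom-GUC approach from the message (SET myapp.appuser, or SET LOCAL for transaction scope) recorded by an audit trigger, since the log_line_prefix escape above is only a proposal. The table, function and trigger names are hypothetical, and PostgreSQL 11 or later is assumed for EXECUTE FUNCTION.

```sql
-- Constructed schema; all object names here are hypothetical.
CREATE TABLE account (id int PRIMARY KEY, balance numeric NOT NULL);

CREATE TABLE account_audit (
    changed_at  timestamptz NOT NULL DEFAULT clock_timestamp(),
    db_user     text NOT NULL DEFAULT session_user,  -- pooled DB role
    app_user    text,              -- myapp.appuser, NULL when unset
    account_id  int,
    old_balance numeric,
    new_balance numeric
);

CREATE FUNCTION account_audit_fn() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    -- missing_ok = true returns NULL instead of raising when the GUC was
    -- never set; nullif() covers the empty string a custom GUC reverts
    -- to once a SET LOCAL has gone out of scope.
    INSERT INTO account_audit (app_user, account_id, old_balance, new_balance)
    VALUES (nullif(current_setting('myapp.appuser', true), ''),
            OLD.id, OLD.balance, NEW.balance);
    RETURN NEW;
END;
$$;

CREATE TRIGGER account_audit_trg
AFTER UPDATE ON account
FOR EACH ROW EXECUTE FUNCTION account_audit_fn();

INSERT INTO account VALUES (1, 100);

-- Transaction-scoped: the value cannot leak to the next user of a
-- pooled connection, because it ends with the transaction.
BEGIN;
SET LOCAL myapp.appuser = 'joe';
UPDATE account SET balance = 90 WHERE id = 1;
COMMIT;

-- Same session, no SET LOCAL in effect: app_user is recorded as NULL.
UPDATE account SET balance = 80 WHERE id = 1;

-- Any session that can run SQL can also SET myapp.appuser itself, so
-- treat app_user as informational and keep db_user beside it.
SELECT db_user, app_user, old_balance, new_balance
FROM account_audit ORDER BY changed_at;
```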