Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1s9qHy-005T9N-Tk
	for pgsql-general@arkaria.postgresql.org; Wed, 22 May 2024 18:02:12 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1s9qHz-0026nV-0H
	for pgsql-general@arkaria.postgresql.org; Wed, 22 May 2024 18:02:11 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1s9qEr-0020tz-E9
	for pgsql-general@lists.postgresql.org; Wed, 22 May 2024 17:58:57 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1s9qEm-000Eoy-HL
	for pgsql-general@postgresql.org; Wed, 22 May 2024 17:58:56 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 44MHwosL4178925;
	Wed, 22 May 2024 13:58:50 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Ron Johnson <ronljohnsonjr@gmail.com>
cc: pgsql-general <pgsql-general@postgresql.org>
Subject: Re: search_path wildcard?
In-reply-to: <CANzqJaCjWr3Z3typ-Ye8vitiiYQEkCGz=w4Sx9Up7dZ+Hsb6Fw@mail.gmail.com>
References: <CANzqJaDxVFRPreSz_e=cg2PU2nW48BUcoJTyvc72Yry0tqkTcQ@mail.gmail.com> <CAKFQuwZx0G=0fPDmhwWiCNT1+ZUWYQGkYVj5Vab10A0_bksq0g@mail.gmail.com> <CANzqJaCjWr3Z3typ-Ye8vitiiYQEkCGz=w4Sx9Up7dZ+Hsb6Fw@mail.gmail.com>
Comments: In-reply-to Ron Johnson <ronljohnsonjr@gmail.com>
	message dated "Wed, 22 May 2024 13:54:21 -0400"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <4178923.1716400730.1@sss.pgh.pa.us>
Date: Wed, 22 May 2024 13:58:50 -0400
Message-ID: <4178924.1716400730@sss.pgh.pa.us>
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/4178924.1716400730%40sss.pgh.pa.us>
Precedence: bulk

Ron Johnson <ronljohnsonjr@gmail.com> writes:
> That would be a helpful feature for administrators, when there are multiple
> schemas in multiple databases, on multiple servers: superusers get ALTER
> ROLE foo SET SEARCH_PATH  = '*'; and they're done with it.

... and they're pwned within five minutes by any user with the wits
to create a trojan-horse function or operator.  Generally speaking,
you want admins to run with a minimal search path not a maximal one.

			regards, tom lane