"Programmer's Guide, Client Interfaces, libpq, The Fast-Path Interface"
describes PQfn() and has this alarming remark:
"This is a trapdoor into system internals and can be a potential
security hole."
Sure this isn't true. PQfn() just lets a frontend call a function which is
also accessible (if maybe not useful) via a SELECT statement, correct? If
I'm right, we should remove the scary language from the documentation. If
on the other hand PQfn() is a security hole, could someone post an exploit?