> On 9 Jan 2020, at 22:38, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> wrote:
> I'm not (yet)
> convinced that there is any significant security threat here. This
> doesn't give the user or indeed any postgres code any access to the
> contents of these files. But if there is a consensus to restrict this
> I'll do it.
I've seen successful exploits made from parts that I in my wildest imagination
couldn't think be useful, so FWIW +1 for adding belts to suspenders and
restricting this.
cheers ./daniel