| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Jet <zhangchenxi(at)halodbtech(dot)com> |
| Cc: | Kirill Reshke <reshkekirill(at)gmail(dot)com>, Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Potential security risk associated with function call |
| Date: | 2026-03-10 15:22:48 |
| Message-ID: | CA+Tgmob1YxJW9WVje0ua1UDuack0z2OpmonbooobfmfKZOA+pQ@mail.gmail.com |
| Lists: | pgsql-hackers |

On Tue, Mar 10, 2026 at 10:05 AM Jet <zhangchenxi(at)halodbtech(dot)com> wrote:
> I don't think it is just for fun. People may prefer to use EXTENSION, but the
> problem is that the EXTENSION may have been written by a person who doesn't have full
> skills in extension development, or even without any coding experience but only
> using AI. That is just the case in which I noticed the problem. AI does all the work, and in
> most cases it works well but leaves potential risks. Will the end user really
> study the whole EXTENSION code? I can assure you most of them will not. And AI
> will take over most of the coding work; that is what is happening...

Sure, but what do you propose to do about it? As I have already said,
there's no realistic way for PostgreSQL itself to know what the
correct function definition is.

--
Robert Haas
EDB: http://www.enterprisedb.com