| From: | Jet <zhangchenxi(at)halodbtech(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com>, Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Potential security risk associated with function call |
| Date: | 2026-03-10 13:09:52 |
| Message-ID: | tencent_6AE511D377F044C8157B6FF9@qq.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> but the 2026 reality is that someone would
> just say "deploy an AI agent to check whether the code is safe for the
> definition," and that might actually work in practical cases, but
> we're not going to add a call-out to Claude as part of the CREATE
> FUNCTION statement.
I notice the potential problem just because using Claude to write a simple
extension. And it works well on testing enviroment. But when take over the
Claude generated extenion to dev enviroment, the server crashed.
More and more people will use AI to generate codes, that's the trend, but AI
will make mistakes, and may leave many potention risks. So I suppose as the
base platform, we should try our best efforts to make it more robust.
Regards,
Jet
Halo Tech
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2026-03-10 13:11:00 | Re: Serverside SNI support in libpq |
| Previous Message | Tender Wang | 2026-03-10 12:59:22 | [PATCH] Simplify trivial shmem size calculations |