Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them
Feike Steenbergen <feikesteenbergen@gmail.com>
From: Feike Steenbergen <feikesteenbergen@gmail.com>
To: Peter Eisentraut <peter@eisentraut.org>
Cc: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2025-06-05T13:54:28Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Restrict virtual columns to use built-in functions and types
- 0cd69b3d7ef3 18.0 landed
-
Fix virtual generated column type checking for ALTER TABLE
- 49fe1c83ecf3 18.0 landed
-
Expand virtual generated columns in the planner
- 1e4351af329f 18.0 cited
On Thu, 5 Jun 2025 at 12:49, Peter Eisentraut <peter@eisentraut.org> wrote: > I propose to address this by not allowing the use of user-defined > functions in generation expressions for now. The attached patch > implements this. This assumes that all built-in functions are > trustworthy, for this purpose, which seems likely true and likely desirable. > > I think the feature is still useful like that, and this approach > provides a path to add new functionality in the future that grows this > set of allowed functions, for example by allowing some configurable set > of "trusted" functions or whatever. +1 I really like this feature and it would be great if it gets into pg18, even with some restrictions, thank you