nalgeon / sqlean

The ultimate set of SQLite extensions
MIT License

Flag potential security risks in extensions #85

Closed mhalle closed 1 year ago

mhalle commented 1 year ago

Several extensions offer functionality through select that may pose a security risk if used in an environment that allows arbitrary queries.

These extensions should be flagged as potential risks in their documentation.

For example, fileio operations could permit arbitrary access to the file system. env operations could allow access to private information such as secret values set using environment variables.

While accessing these extensions requires that they be explicitly loaded, a naive client app may do so without consideration of the potential security risks. A prominent warning in the documentation may be a suitable safety measure, though other precautions may be warranted.


jlarmstrongiv commented 1 year ago

Another such function is eval()
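As an added example (not code from the sqlean project or from anyone in this thread), one way to contain the risk described in the two comments above: SQLite's authorizer hook, reached here through Python's sqlite3 module, can refuse any statement that calls file-system, environment or eval functions even after the extension has been loaded. The function names are assumptions taken from the thread and from sqlean's `fileio_` naming, and the risky functions are Python stand-ins registered on the connection so the block runs without sqlean installed.

```python
import sqlite3

# Assumed names of risky functions; adapt to the extensions actually loaded.
# sqlean's fileio functions share the "fileio_" prefix, readfile/writefile are
# the older names, and eval is the function named in this thread.
BLOCKED_PREFIXES = ("fileio_",)
BLOCKED_NAMES = {"readfile", "writefile", "eval"}


def is_blocked_function(name):
    # SQLite reports the registered name, but compare case-insensitively anyway.
    n = name.lower()
    return n in BLOCKED_NAMES or n.startswith(BLOCKED_PREFIXES)


def restrict_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    # SQLite invokes this while compiling each statement. For a function call
    # the action is SQLITE_FUNCTION and arg2 carries the function name, so the
    # call is refused before the statement ever runs.
    if action == sqlite3.SQLITE_FUNCTION and is_blocked_function(arg2):
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def open_connection(path=":memory:", restrict=True):
    conn = sqlite3.connect(path)
    # Constructed stand-ins for extension functions (they do not touch the file
    # system); with sqlean the real functions would come from load_extension().
    conn.create_function("readfile", 1, lambda p: "contents of " + p)
    conn.create_function("eval", 1, lambda s: "evaluated " + s)
    if restrict:
        conn.set_authorizer(restrict_authorizer)
    return conn


def run_untrusted(conn, sql):
    """Run SQL from an untrusted source; return ('ok', rows) or ('denied', msg)."""
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.DatabaseError as exc:
        # A denied authorizer check surfaces as "not authorized" at prepare time.
        return ("denied", str(exc))
```

Denying at the authorizer also covers calls hidden inside views, triggers or subqueries, which a textual filter on the incoming SQL would miss.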

nalgeon commented 1 year ago

I believe that the extension documentation explains the functionality enough for a user to make an informed decision.