Diffstat (limited to 'src/include')
-rw-r--r--src/include/Makefile3
-rw-r--r--src/include/fe_utils/connect.h28
2 files changed, 30 insertions, 1 deletions
diff --git a/src/include/Makefile b/src/include/Makefile
index 578a7784616..9bba3082a98 100644
--- a/src/include/Makefile
+++ b/src/include/Makefile
@@ -17,7 +17,8 @@ all: pg_config.h pg_config_ext.h pg_config_os.h
# Subdirectories containing headers for server-side dev
-SUBDIRS = access bootstrap catalog commands common datatype executor foreign \
+SUBDIRS = access bootstrap catalog commands common datatype \
+ executor fe_utils foreign \
lib libpq mb nodes optimizer parser postmaster regex replication \
rewrite storage tcop snowball snowball/libstemmer tsearch \
tsearch/dicts utils port port/win32 port/win32_msvc \
diff --git a/src/include/fe_utils/connect.h b/src/include/fe_utils/connect.h
new file mode 100644
index 00000000000..fa293d2458d
--- /dev/null
+++ b/src/include/fe_utils/connect.h
@@ -0,0 +1,28 @@
+/*-------------------------------------------------------------------------
+ *
+ * Interfaces in support of FE/BE connections.
+ *
+ *
+ * Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ *
+ * src/include/fe_utils/connect.h
+ *
+ *-------------------------------------------------------------------------
+ */
+#ifndef CONNECT_H
+#define CONNECT_H
+
+/*
+ * This SQL statement installs an always-secure search path, so malicious
+ * users can't take control. CREATE of an unqualified name will fail, because
+ * this selects no creation schema. This does not demote pg_temp, so it is
+ * suitable where we control the entire FE/BE connection but not suitable in
+ * SECURITY DEFINER functions. This is portable to PostgreSQL 7.3, which
+ * introduced schemas. When connected to an older version from code that
+ * might work with the old server, skip this.
+ */
+#define ALWAYS_SECURE_SEARCH_PATH_SQL \
+ "SELECT pg_catalog.set_config('search_path', '', false)"
+
+#endif /* CONNECT_H */
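Review bot: The comment above `ALWAYS_SECURE_SEARCH_PATH_SQL` does not state the scope of the setting or what a caller must do with the result. The third argument to `set_config` is `is_local`, and `false` makes the empty path last for the whole session rather than the current transaction, so it has to be re-issued on every new connection, including reconnects. The callers are not visible on this page (the view is limited to src/include), but any caller that ignores a failed result would presumably keep running with the server's default search_path. I would append to the comment: `Callers must check that the statement returned PGRES_TUPLES_OK and must re-issue it after any reconnect; is_local = false makes the setting session-wide.`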