Document security implications of qualified names.
Noah Misch <noah@leadboat.com>
Document security implications of qualified names. Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 documented secure schema usage, and that advice suffices for using unqualified names securely. Document, in typeconv-func primarily, the additional issues that arise with qualified names. Back-patch to 9.3 (all supported versions). Reviewed by Jonathan S. Katz. Discussion: https://postgr.es/m/20180721012446.GA1840594@rfd.leadboat.com
Files
| Path | Change | +/− |
|---|---|---|
| doc/src/sgml/ddl.sgml | modified | +10 −5 |
| doc/src/sgml/ref/create_function.sgml | modified | +8 −6 |
| doc/src/sgml/syntax.sgml | modified | +8 −0 |
| doc/src/sgml/typeconv.sgml | modified | +99 −4 |
| doc/src/sgml/xfunc.sgml | modified | +17 −8 |
| src/backend/utils/adt/ruleutils.c | modified | +5 −10 |
Discussion
- Documenting safe practices for qualified function calls 1 message · 2018-07-21