Thread

Commits

  1. Document security implications of qualified names.

  2. Document security implications of search_path and the public schema.

  1. Documenting safe practices for qualified function calls

    Noah Misch <noah@leadboat.com> — 2018-07-21T01:24:46Z

    The CVE-2018-1058 documentation change, commit 5770172, directed readers to
    secure their schema usage patterns.  That made secure their use of unqualified
    function and operator names.  Sometimes one wishes to call an object outside
    search_path via a qualified name.  That has its own security considerations,
    which we hadn't documented to the same degree.  The security team discussed
    this and concluded that the lack of documentation did not itself constitute a
    security flaw.  I did prepare the attached patch, which Jonathan Katz
    reviewed.  I'm posting it here in case anyone else wishes to review it.
    
    Thanks,
    nm