Home > mailing lists

pgsql: Document security implications of qualified names. - Mailing list pgsql-committers

From	Noah Misch
Subject	pgsql: Document security implications of qualified names.
Date	July 29, 2018 06:14:03
Msg-id	[email protected] Whole thread Raw
List	pgsql-committers

Tree view

Document security implications of qualified names.

Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 documented secure schema
usage, and that advice suffices for using unqualified names securely.
Document, in typeconv-func primarily, the additional issues that arise
with qualified names.  Back-patch to 9.3 (all supported versions).

Reviewed by Jonathan S. Katz.

Discussion: https://postgr.es/m/[email protected]

Branch
------
REL9_4_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/8c477a42eb9bdb91e7361645c3c343578000cb4a

Modified Files
--------------
doc/src/sgml/ddl.sgml                 |  15 +++--
doc/src/sgml/ref/create_function.sgml |  14 +++--
doc/src/sgml/syntax.sgml              |   8 +++
doc/src/sgml/typeconv.sgml            | 103 ++++++++++++++++++++++++++++++++--
doc/src/sgml/xfunc.sgml               |  25 ++++++---
src/backend/utils/adt/ruleutils.c     |  15 ++---
6 files changed, 147 insertions(+), 33 deletions(-)

pgsql-committers by date:

From: Tomas Vondra
Date: 29 July 2018, 04:43:52
Subject: pgsql: Provide separate header file for built-in float types

From: Michael Paquier
Date: 29 July 2018, 16:02:28
Subject: pgsql: Fix two oversights from 9ebe0572 which refactored cluster_rel

pgsql: Document security implications of qualified names. - Mailing list pgsql-committers

Previous

Next