Skip to content

P
Postgres FD Implementation
Commit 540b4e5b authored by Noah Misch's avatar Noah Misch
Browse files
Options

Document security implications of check_function_bodies. 

Back-patch to 8.4 (all supported versions).
parent 537cbd35
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 8 deletions
doc/src/sgml/config.sgml
View file @ 540b4e5b
...@@ -5153,9 +5153,11 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; ...@@ -5153,9 +5153,11 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv;
<para> <para>
This parameter is normally on. When set to <literal>off</>, it This parameter is normally on. When set to <literal>off</>, it
disables validation of the function body string during <xref disables validation of the function body string during <xref
linkend="sql-createfunction">. Disabling validation is linkend="sql-createfunction">. Disabling validation avoids side
occasionally useful to avoid problems such as forward references effects of the validation process and avoids false positives due
when restoring function definitions from a dump. to problems such as forward references. Set this parameter
to <literal>off</> before loading functions on behalf of other
users; <application>pg_dump</> does so automatically.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
......
doc/src/sgml/plhandler.sgml
View file @ 540b4e5b
...@@ -194,11 +194,13 @@ CREATE LANGUAGE plsample ...@@ -194,11 +194,13 @@ CREATE LANGUAGE plsample
<para> <para>
Validator functions should typically honor the <xref Validator functions should typically honor the <xref
linkend="guc-check-function-bodies"> parameter: if it is turned off then linkend="guc-check-function-bodies"> parameter: if it is turned off then
any expensive or context-sensitive checking should be skipped. any expensive or context-sensitive checking should be skipped. If the
In particular, this parameter is turned off by <application>pg_dump</> language provides for code execution at compilation time, the validator
so that it can load procedural language functions without worrying must suppress checks that would induce such execution. In particular,
about possible dependencies of the function bodies on other database this parameter is turned off by <application>pg_dump</> so that it can
objects. (Because of this requirement, the call handler should avoid load procedural language functions without worrying about side effects or
dependencies of the function bodies on other database objects.
(Because of this requirement, the call handler should avoid
assuming that the validator has fully checked the function. The point assuming that the validator has fully checked the function. The point
of having a validator is not to let the call handler omit checks, but of having a validator is not to let the call handler omit checks, but
to notify the user immediately if there are obvious errors in a to notify the user immediately if there are obvious errors in a
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment