doc: warn of SECURITY DEFINER schemas for non-sql_body functions

Non-sql_body functions are evaluated at runtime. Reported-by: Erki Eessaar Discussion: https://postgr.es/m/AM9PR01MB8268BF5E74E119828251FD34FE409@AM9PR01MB8268.eurprd01.prod.exchangelabs.com Backpatch-through: 10

doc: warn of SECURITY DEFINER schemas for non-sql_body functions
Non-sql_body functions are evaluated at runtime. Reported-by: Erki Eessaar Discussion: https://postgr.es/m/AM9PR01MB8268BF5E74E119828251FD34FE409@AM9PR01MB8268.eurprd01.prod.exchangelabs.com Backpatch-through: 10
b566f320 · Bruce Momjian · 4eab0181 · b566f320
Commit b566f320 authored Aug 31, 2022 by Bruce Momjian
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

doc/src/sgml/ref/create_function.sgml doc/src/sgml/ref/create_function.sgml +4 -1

No files found.
--- a/doc/src/sgml/ref/create_function.sgml
+++ b/doc/src/sgml/ref/create_function.sgml
@@ -779,7 +779,10 @@ SELECT * FROM dup(42);
   <para>
    Because a <literal>SECURITY DEFINER</literal> function is executed
    with the privileges of the user that owns it, care is needed to
-    ensure that the function cannot be misused.  For security,
+    ensure that the function cannot be misused.  This is particularly
+    important for non-<replaceable>sql_body</replaceable> functions because
+    their function bodies are evaluated at run-time, not creation time.
+    For security,
    <xref linkend="guc-search-path"/> should be set to exclude any schemas
    writable by untrusted users.  This prevents
    malicious users from creating objects (e.g., tables, functions, and