git.postgresql.org Git - postgresql.git/commit

git projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ebd8fc7) | patch
Use @extschema:name@ notation in contrib transform modules.
author Tom Lane <tgl@sss.pgh.pa.us>
Thu, 9 Jan 2025 20:16:56 +0000 (15:16 -0500)
committer Tom Lane <tgl@sss.pgh.pa.us>
Thu, 9 Jan 2025 20:16:56 +0000 (15:16 -0500)
commit bebe9040388bb2292585eab712fe4d29a71843fb
tree bc665989a9135290e57b623df27ebd35bef8bd64 tree
parent ebd8fc7e47fdad6adb68aad341d95c541d7325c3 commit | diff
Use @extschema:name@ notation in contrib transform modules.

Harden hstore_plperl, hstore_plpython, and ltree_plpython
against search-path-based attacks by using @extschema:name@
notation to refer to the underlying hstore or ltree data type.

This allows removal of the previous documentation warning
suggesting that they must be installed in the same schema as
the underlying data type. In passing, also improve a para in
extend.sgml to suggest using @extschema:name@ for such purposes.

Discussion: https://postgr.es/m/692480.1736021695@sss.pgh.pa.us
contrib/hstore_plperl/hstore_plperl--1.0.sql diff | blob | blame | history
contrib/hstore_plperl/hstore_plperlu--1.0.sql diff | blob | blame | history
contrib/hstore_plpython/hstore_plpython3u--1.0.sql diff | blob | blame | history
contrib/ltree_plpython/ltree_plpython3u--1.0.sql diff | blob | blame | history
doc/src/sgml/extend.sgml diff | blob | blame | history
doc/src/sgml/hstore.sgml diff | blob | blame | history
doc/src/sgml/ltree.sgml diff | blob | blame | history
This is the main PostgreSQL git repository.
RSS Atom

AltStyle によって変換されたページ (->オリジナル) /