November 13, 2025: PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 Released!
DocumentationPostgreSQL devel (2025年12月14日 02:25:05 - git commit 5b3ef3055d8)
Supported Versions: Current (18) / 17 / 16 / 15 / 14
Development Versions: devel
Unsupported versions: 13 / 12 / 11 / 10 / 9.6 / 9.5 / 9.4 / 9.3 / 9.2 / 9.1 / 9.0 / 8.4 / 8.3 / 8.2 / 8.1 / 8.0 / 7.4 / 7.3 / 7.2 / 7.1
This documentation is for an unsupported version of PostgreSQL.
You may want to view the same page for the current version, or one of the other supported versions listed above instead.
21.6. Function Security
Prev Up Chapter 21. Database Roles Home Next

21.6. Function Security #

Functions, triggers and row-level security policies allow users to insert code into the backend server that other users might execute unintentionally. Hence, these mechanisms permit users to "Trojan horse" others with relative ease. The strongest protection is tight control over who can define objects. Where that is infeasible, write queries referring only to objects having trusted owners. Remove from search_path any schemas that permit untrusted users to create objects.

Functions run inside the backend server process with the operating system permissions of the database server daemon. If the programming language used for the function allows unchecked memory accesses, it is possible to change the server's internal data structures. Hence, among many other things, such functions can circumvent any system access controls. Function languages that allow such access are considered "untrusted", and PostgreSQL allows only superusers to create functions written in those languages.

Prev Up Next
21.5. Predefined Roles Home Chapter 22. Managing Databases

AltStyle によって変換されたページ (->オリジナル) /