2010-09-20 22:08:53 +02:00
|
|
|
<!-- doc/src/sgml/earthdistance.sgml -->
|
2007-12-06 05:12:10 +01:00
|
|
|
|
2011-05-08 04:29:20 +02:00
|
|
|
<sect1 id="earthdistance" xreflabel="earthdistance">
|
2023-01-20 20:01:59 +01:00
|
|
|
<title>earthdistance — calculate great-circle distances</title>
|
2007-12-06 05:12:10 +01:00
|
|
|
|
2007-11-11 00:30:46 +01:00
|
|
|
<indexterm zone="earthdistance">
|
|
|
|
<primary>earthdistance</primary>
|
|
|
|
</indexterm>
|
|
|
|
|
|
|
|
<para>
|
2017-10-09 03:44:17 +02:00
|
|
|
The <filename>earthdistance</filename> module provides two different approaches to
|
2007-12-06 05:12:10 +01:00
|
|
|
calculating great circle distances on the surface of the Earth. The one
|
Make contrib modules' installation scripts more secure.
Hostile objects located within the installation-time search_path could
capture references in an extension's installation or upgrade script.
If the extension is being installed with superuser privileges, this
opens the door to privilege escalation. While such hazards have existed
all along, their urgency increases with the v13 "trusted extensions"
feature, because that lets a non-superuser control the installation path
for a superuser-privileged script. Therefore, make a number of changes
to make such situations more secure:
* Tweak the construction of the installation-time search_path to ensure
that references to objects in pg_catalog can't be subverted; and
explicitly add pg_temp to the end of the path to prevent attacks using
temporary objects.
* Disable check_function_bodies within installation/upgrade scripts,
so that any security gaps in SQL-language or PL-language function bodies
cannot create a risk of unwanted installation-time code execution.
* Adjust lookup of type input/receive functions and join estimator
functions to complain if there are multiple candidate functions. This
prevents capture of references to functions whose signature is not the
first one checked; and it's arguably more user-friendly anyway.
* Modify various contrib upgrade scripts to ensure that catalog
modification queries are executed with secure search paths. (These
are in-place modifications with no extension version changes, since
it is the update process itself that is at issue, not the end result.)
Extensions that depend on other extensions cannot be made fully secure
by these methods alone; therefore, revert the "trusted" marking that
commit eb67623c9 applied to earthdistance and hstore_plperl, pending
some better solution to that set of issues.
Also add documentation around these issues, to help extension authors
write secure installation scripts.
Patch by me, following an observation by Andres Freund; thanks
to Noah Misch for review.
Security: CVE-2020-14350
2020-08-10 16:44:42 +02:00
|
|
|
described first depends on the <filename>cube</filename> module.
|
|
|
|
The second one is based on the built-in <type>point</type> data type,
|
2007-12-06 05:12:10 +01:00
|
|
|
using longitude and latitude for the coordinates.
|
2007-11-11 00:30:46 +01:00
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
2007-12-06 05:12:10 +01:00
|
|
|
In this module, the Earth is assumed to be perfectly spherical.
|
|
|
|
(If that's too inaccurate for you, you might want to look at the
|
2020-07-18 15:43:35 +02:00
|
|
|
<application><ulink url="https://postgis.net/">PostGIS</ulink></application>
|
2007-12-06 05:12:10 +01:00
|
|
|
project.)
|
2007-11-11 00:30:46 +01:00
|
|
|
</para>
|
2020-02-13 21:02:35 +01:00
|
|
|
|
|
|
|
<para>
|
Make contrib modules' installation scripts more secure.
Hostile objects located within the installation-time search_path could
capture references in an extension's installation or upgrade script.
If the extension is being installed with superuser privileges, this
opens the door to privilege escalation. While such hazards have existed
all along, their urgency increases with the v13 "trusted extensions"
feature, because that lets a non-superuser control the installation path
for a superuser-privileged script. Therefore, make a number of changes
to make such situations more secure:
* Tweak the construction of the installation-time search_path to ensure
that references to objects in pg_catalog can't be subverted; and
explicitly add pg_temp to the end of the path to prevent attacks using
temporary objects.
* Disable check_function_bodies within installation/upgrade scripts,
so that any security gaps in SQL-language or PL-language function bodies
cannot create a risk of unwanted installation-time code execution.
* Adjust lookup of type input/receive functions and join estimator
functions to complain if there are multiple candidate functions. This
prevents capture of references to functions whose signature is not the
first one checked; and it's arguably more user-friendly anyway.
* Modify various contrib upgrade scripts to ensure that catalog
modification queries are executed with secure search paths. (These
are in-place modifications with no extension version changes, since
it is the update process itself that is at issue, not the end result.)
Extensions that depend on other extensions cannot be made fully secure
by these methods alone; therefore, revert the "trusted" marking that
commit eb67623c9 applied to earthdistance and hstore_plperl, pending
some better solution to that set of issues.
Also add documentation around these issues, to help extension authors
write secure installation scripts.
Patch by me, following an observation by Andres Freund; thanks
to Noah Misch for review.
Security: CVE-2020-14350
2020-08-10 16:44:42 +02:00
|
|
|
The <filename>cube</filename> module must be installed
|
|
|
|
before <filename>earthdistance</filename> can be installed
|
|
|
|
(although you can use the <literal>CASCADE</literal> option
|
|
|
|
of <command>CREATE EXTENSION</command> to install both in one command).
|
2020-02-13 21:02:35 +01:00
|
|
|
</para>
|
2007-11-11 00:30:46 +01:00
|
|
|
|
Make contrib modules' installation scripts more secure.
Hostile objects located within the installation-time search_path could
capture references in an extension's installation or upgrade script.
If the extension is being installed with superuser privileges, this
opens the door to privilege escalation. While such hazards have existed
all along, their urgency increases with the v13 "trusted extensions"
feature, because that lets a non-superuser control the installation path
for a superuser-privileged script. Therefore, make a number of changes
to make such situations more secure:
* Tweak the construction of the installation-time search_path to ensure
that references to objects in pg_catalog can't be subverted; and
explicitly add pg_temp to the end of the path to prevent attacks using
temporary objects.
* Disable check_function_bodies within installation/upgrade scripts,
so that any security gaps in SQL-language or PL-language function bodies
cannot create a risk of unwanted installation-time code execution.
* Adjust lookup of type input/receive functions and join estimator
functions to complain if there are multiple candidate functions. This
prevents capture of references to functions whose signature is not the
first one checked; and it's arguably more user-friendly anyway.
* Modify various contrib upgrade scripts to ensure that catalog
modification queries are executed with secure search paths. (These
are in-place modifications with no extension version changes, since
it is the update process itself that is at issue, not the end result.)
Extensions that depend on other extensions cannot be made fully secure
by these methods alone; therefore, revert the "trusted" marking that
commit eb67623c9 applied to earthdistance and hstore_plperl, pending
some better solution to that set of issues.
Also add documentation around these issues, to help extension authors
write secure installation scripts.
Patch by me, following an observation by Andres Freund; thanks
to Noah Misch for review.
Security: CVE-2020-14350
2020-08-10 16:44:42 +02:00
|
|
|
<caution>
|
|
|
|
<para>
|
|
|
|
It is strongly recommended that <filename>earthdistance</filename>
|
|
|
|
and <filename>cube</filename> be installed in the same schema, and that
|
|
|
|
that schema be one for which CREATE privilege has not been and will not
|
|
|
|
be granted to any untrusted users.
|
|
|
|
Otherwise there are installation-time security hazards
|
|
|
|
if <filename>earthdistance</filename>'s schema contains objects defined
|
|
|
|
by a hostile user.
|
|
|
|
Furthermore, when using <filename>earthdistance</filename>'s functions
|
|
|
|
after installation, the entire search path should contain only trusted
|
|
|
|
schemas.
|
|
|
|
</para>
|
|
|
|
</caution>
|
|
|
|
|
2023-01-09 21:08:24 +01:00
|
|
|
<sect2 id="earthdistance-cube-based">
|
2019-09-08 10:26:35 +02:00
|
|
|
<title>Cube-Based Earth Distances</title>
|
2007-12-06 05:12:10 +01:00
|
|
|
|
|
|
|
<para>
|
|
|
|
Data is stored in cubes that are points (both corners are the same) using 3
|
|
|
|
coordinates representing the x, y, and z distance from the center of the
|
2021-07-30 20:50:21 +02:00
|
|
|
Earth. A <glossterm linkend="glossary-domain">domain</glossterm>
|
|
|
|
<type>earth</type> over type <type>cube</type> is provided, which
|
2007-12-06 05:12:10 +01:00
|
|
|
includes constraint checks that the value meets these restrictions and
|
|
|
|
is reasonably close to the actual surface of the Earth.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
2017-10-09 03:44:17 +02:00
|
|
|
The radius of the Earth is obtained from the <function>earth()</function>
|
2007-12-06 05:12:10 +01:00
|
|
|
function. It is given in meters. But by changing this one function you can
|
|
|
|
change the module to use some other units, or to use a different value of
|
2010-08-17 06:37:21 +02:00
|
|
|
the radius that you feel is more appropriate.
|
2007-12-06 05:12:10 +01:00
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
This package has applications to astronomical databases as well.
|
2017-10-09 03:44:17 +02:00
|
|
|
Astronomers will probably want to change <function>earth()</function> to return a
|
|
|
|
radius of <literal>180/pi()</literal> so that distances are in degrees.
|
2007-12-06 05:12:10 +01:00
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
Functions are provided to support input in latitude and longitude (in
|
|
|
|
degrees), to support output of latitude and longitude, to calculate
|
|
|
|
the great circle distance between two points and to easily specify a
|
|
|
|
bounding box usable for index searches.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
2011-05-04 19:24:07 +02:00
|
|
|
The provided functions are shown
|
2017-11-23 15:39:47 +01:00
|
|
|
in <xref linkend="earthdistance-cube-functions"/>.
|
2007-12-06 05:12:10 +01:00
|
|
|
</para>
|
|
|
|
|
|
|
|
<table id="earthdistance-cube-functions">
|
2019-09-08 10:26:35 +02:00
|
|
|
<title>Cube-Based Earthdistance Functions</title>
|
2020-05-07 20:25:18 +02:00
|
|
|
<tgroup cols="1">
|
|
|
|
<thead>
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
Function
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Description
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
</thead>
|
|
|
|
|
|
|
|
<tbody>
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
<indexterm><primary>earth</primary></indexterm>
|
|
|
|
<function>earth</function> ()
|
|
|
|
<returnvalue>float8</returnvalue>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Returns the assumed radius of the Earth.
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
<indexterm><primary>sec_to_gc</primary></indexterm>
|
|
|
|
<function>sec_to_gc</function> ( <type>float8</type> )
|
|
|
|
<returnvalue>float8</returnvalue>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Converts the normal straight line
|
|
|
|
(secant) distance between two points on the surface of the Earth
|
|
|
|
to the great circle distance between them.
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
<indexterm><primary>gc_to_sec</primary></indexterm>
|
|
|
|
<function>gc_to_sec</function> ( <type>float8</type> )
|
|
|
|
<returnvalue>float8</returnvalue>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Converts the great circle distance between two points on the
|
|
|
|
surface of the Earth to the normal straight line (secant) distance
|
|
|
|
between them.
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
<indexterm><primary>ll_to_earth</primary></indexterm>
|
|
|
|
<function>ll_to_earth</function> ( <type>float8</type>, <type>float8</type> )
|
|
|
|
<returnvalue>earth</returnvalue>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Returns the location of a point on the surface of the Earth given
|
|
|
|
its latitude (argument 1) and longitude (argument 2) in degrees.
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
<indexterm><primary>latitude</primary></indexterm>
|
|
|
|
<function>latitude</function> ( <type>earth</type> )
|
|
|
|
<returnvalue>float8</returnvalue>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Returns the latitude in degrees of a point on the surface of the
|
|
|
|
Earth.
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
<indexterm><primary>longitude</primary></indexterm>
|
|
|
|
<function>longitude</function> ( <type>earth</type> )
|
|
|
|
<returnvalue>float8</returnvalue>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Returns the longitude in degrees of a point on the surface of the
|
|
|
|
Earth.
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
<indexterm><primary>earth_distance</primary></indexterm>
|
|
|
|
<function>earth_distance</function> ( <type>earth</type>, <type>earth</type> )
|
|
|
|
<returnvalue>float8</returnvalue>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Returns the great circle distance between two points on the
|
|
|
|
surface of the Earth.
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
<indexterm><primary>earth_box</primary></indexterm>
|
|
|
|
<function>earth_box</function> ( <type>earth</type>, <type>float8</type> )
|
|
|
|
<returnvalue>cube</returnvalue>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Returns a box suitable for an indexed search using the <type>cube</type>
|
|
|
|
<literal>@></literal>
|
|
|
|
operator for points within a given great circle distance of a location.
|
|
|
|
Some points in this box are further than the specified great circle
|
|
|
|
distance from the location, so a second check using
|
|
|
|
<function>earth_distance</function> should be included in the query.
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
</tbody>
|
2007-12-06 05:12:10 +01:00
|
|
|
</tgroup>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
2023-01-09 21:08:24 +01:00
|
|
|
<sect2 id="earthdistance-point-based">
|
2019-09-08 10:26:35 +02:00
|
|
|
<title>Point-Based Earth Distances</title>
|
2007-12-06 05:12:10 +01:00
|
|
|
|
|
|
|
<para>
|
|
|
|
The second part of the module relies on representing Earth locations as
|
2017-10-09 03:44:17 +02:00
|
|
|
values of type <type>point</type>, in which the first component is taken to
|
2007-12-06 05:12:10 +01:00
|
|
|
represent longitude in degrees, and the second component is taken to
|
|
|
|
represent latitude in degrees. Points are taken as (longitude, latitude)
|
|
|
|
and not vice versa because longitude is closer to the intuitive idea of
|
|
|
|
x-axis and latitude to y-axis.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
2011-05-04 19:24:07 +02:00
|
|
|
A single operator is provided, shown
|
2017-11-23 15:39:47 +01:00
|
|
|
in <xref linkend="earthdistance-point-operators"/>.
|
2007-12-06 05:12:10 +01:00
|
|
|
</para>
|
|
|
|
|
|
|
|
<table id="earthdistance-point-operators">
|
2019-09-08 10:26:35 +02:00
|
|
|
<title>Point-Based Earthdistance Operators</title>
|
2020-05-07 20:25:18 +02:00
|
|
|
<tgroup cols="1">
|
|
|
|
<thead>
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
Operator
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Description
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
</thead>
|
|
|
|
<tbody>
|
|
|
|
<row>
|
|
|
|
<entry role="func_table_entry"><para role="func_signature">
|
|
|
|
<type>point</type> <literal><@></literal> <type>point</type>
|
|
|
|
<returnvalue>float8</returnvalue>
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Computes the distance in statute miles between
|
|
|
|
two points on the Earth's surface.
|
|
|
|
</para></entry>
|
|
|
|
</row>
|
|
|
|
</tbody>
|
2007-12-06 05:12:10 +01:00
|
|
|
</tgroup>
|
|
|
|
</table>
|
|
|
|
|
|
|
|
<para>
|
2017-10-09 03:44:17 +02:00
|
|
|
Note that unlike the <type>cube</type>-based part of the module, units
|
|
|
|
are hardwired here: changing the <function>earth()</function> function will
|
2007-12-06 05:12:10 +01:00
|
|
|
not affect the results of this operator.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
One disadvantage of the longitude/latitude representation is that
|
|
|
|
you need to be careful about the edge conditions near the poles
|
2017-10-09 03:44:17 +02:00
|
|
|
and near +/- 180 degrees of longitude. The <type>cube</type>-based
|
2007-12-06 05:12:10 +01:00
|
|
|
representation avoids these discontinuities.
|
|
|
|
</para>
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
</sect1>
|