rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/doc
History
Noah Misch fd5e16e782 Document search_path security with untrusted dbowner or CREATEROLE. 
Commit 5770172cb0 wrote, incorrectly, that
certain schema usage patterns are secure against CREATEROLE users and
database owners.  When an untrusted user is the database owner or holds
CREATEROLE privilege, a query is secure only if its session started with
SELECT pg_catalog.set_config('search_path', '', false) or equivalent.
Back-patch to 9.4 (all supported versions).

Discussion: https://postgr.es/m/20191013013512.GC4131753@rfd.leadboat.com
 		2019-12-08 11:06:26 -08:00
..
src Document search_path security with untrusted dbowner or CREATEROLE. 2019-12-08 11:06:26 -08:00
KNOWN_BUGS
MISSING_FEATURES
Makefile Remove maintainer-check target, fold into normal build 2013-10-10 20:11:56 -04:00
TODO Change documentation references to PG website to use https: not http: 2017-05-20 21:50:47 -04:00