Tom Lane eedb068c0a Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX,
and CLUSTER) execute as the table owner rather than the calling user, using
the same privilege-switching mechanism already used for SECURITY DEFINER
functions.  The purpose of this change is to ensure that user-defined
functions used in index definitions cannot acquire the privileges of a
superuser account that is performing routine maintenance.  While a function
used in an index is supposed to be IMMUTABLE and thus not able to do anything
very interesting, there are several easy ways around that restriction; and
even if we could plug them all, there would remain a risk of reading sensitive
information and broadcasting it through a covert channel such as CPU usage.

To prevent bypassing this security measure, execution of SET SESSION
AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context.

Thanks to Itagaki Takahiro for reporting this vulnerability.

Security: CVE-2007-6600
2008-01-03 21:23:15 +00:00
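
As an added example (not part of the commit or of the PostgreSQL source tree), the catalog query below inventories indexes on tables owned by non-superusers whose expressions or predicates call functions outside pg_catalog. These are the user-defined index functions the commit message describes, which maintenance commands end up executing. It assumes the standard pg_index, pg_depend, pg_proc, pg_language and pg_roles catalogs and follows direct function references only.

```sql
-- Added audit query (illustrative, not project code).
-- Lists user-defined functions that an index expression or partial-index
-- predicate depends on, for tables whose owner is not a superuser.
-- Limitation: functions reached only through a user-defined operator are
-- recorded as operator dependencies and are not reported here.
SELECT
    t.oid::regclass        AS table_name,
    tbl_owner.rolname      AS table_owner,
    i.indexrelid::regclass AS index_name,
    p.oid::regprocedure    AS function_called,
    fn_owner.rolname       AS function_owner,
    l.lanname              AS function_language,
    p.provolatile          AS declared_volatility,  -- 'i' means declared IMMUTABLE
    p.prosecdef            AS security_definer
FROM pg_index i
JOIN pg_class t         ON t.oid = i.indrelid
JOIN pg_roles tbl_owner ON tbl_owner.oid = t.relowner
JOIN pg_depend d        ON d.classid    = 'pg_class'::regclass
                       AND d.objid      = i.indexrelid
                       AND d.refclassid = 'pg_proc'::regclass
JOIN pg_proc p          ON p.oid = d.refobjid
JOIN pg_namespace n     ON n.oid = p.pronamespace
JOIN pg_language l      ON l.oid = p.prolang
JOIN pg_roles fn_owner  ON fn_owner.oid = p.proowner
WHERE (i.indexprs IS NOT NULL OR i.indpred IS NOT NULL)
  AND n.nspname <> 'pg_catalog'
  AND NOT tbl_owner.rolsuper
ORDER BY table_owner, table_name, index_name;
```

Rows whose function language is a procedural language and whose declared volatility is 'i' are the ones to review first, since the IMMUTABLE label is a declaration by the function's author and not something the server verifies.
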
config Update config.guess and config.sub 2007-11-15 20:21:05 +00:00
contrib Fix some missed copyright updates. 2008-01-01 20:31:21 +00:00
doc Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, 2008-01-03 21:23:15 +00:00
src Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, 2008-01-03 21:23:15 +00:00
COPYRIGHT Update copyrights in source tree to 2008. 2008-01-01 19:46:01 +00:00
GNUmakefile.in Replace useless uses of := by = in makefiles. 2007-02-09 15:56:00 +00:00
Makefile Remove remains of old depend target. 2007-01-20 17:16:17 +00:00
README Clean up some now-obsolete references to GBorg. 2007-11-14 01:58:18 +00:00
README.CVS Some further editorializing on README.CVS. 2004-03-28 06:09:08 +00:00
aclocal.m4 Add new auto-detection of thread flags. 2004-04-23 18:15:55 +00:00
configure Update copyrights in source tree to 2008. 2008-01-01 19:46:01 +00:00
configure.in Update copyrights in source tree to 2008. 2008-01-01 19:46:01 +00:00

README

PostgreSQL Database Management System
=====================================
  
This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces including some of the more
common listed below:

C++ - http://thaiopensource.org/development/libpqxx/
JDBC - http://jdbc.postgresql.org
ODBC - http://odbc.postgresql.org
Perl - http://search.cpan.org/~dbdpg/
PHP - http://www.php.net
Python - http://www.initd.org/
Ruby - http://ruby.scripting.ca/postgres/

Other language bindings are available from a variety of contributing
parties.

PostgreSQL also has a great number of procedural languages available;
a short, incomplete list is below:

PL/pgSQL - included in PostgreSQL source distribution
PL/Perl - included in PostgreSQL source distribution
PL/PHP - http://projects.commandprompt.com/projects/public/plphp
PL/Python - included in PostgreSQL source distribution
PL/Java - http://pgfoundry.org/projects/pljava/
PL/Tcl - included in PostgreSQL source distribution

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Changes between all PostgreSQL releases are recorded in the
file HISTORY.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
http://www.postgresql.org/download/.  For more information look at our
web site located at http://www.postgresql.org/.