diff --git a/doc/src/sgml/earthdistance.sgml b/doc/src/sgml/earthdistance.sgml
index 5b50da0510b..48d9e6b3573 100644
--- a/doc/src/sgml/earthdistance.sgml
+++ b/doc/src/sgml/earthdistance.sgml
@@ -55,7 +55,8 @@
- The following functions are provided:
+ The provided functions are shown
+ in .
@@ -148,7 +149,8 @@
- A single operator is provided:
+ A single operator is provided, shown
+ in .
diff --git a/doc/src/sgml/hstore.sgml b/doc/src/sgml/hstore.sgml
index f00b06aa7aa..acd931a9909 100644
--- a/doc/src/sgml/hstore.sgml
+++ b/doc/src/sgml/hstore.sgml
@@ -85,6 +85,12 @@ key => NULL
<type>hstore</> Operators and Functions
+
+ The operators provided by the hstore module are
+ shown in , the functions
+ in .
+
+
<type>hstore</> Operators
diff --git a/doc/src/sgml/intarray.sgml b/doc/src/sgml/intarray.sgml
index 449878d6716..5ad738d9186 100644
--- a/doc/src/sgml/intarray.sgml
+++ b/doc/src/sgml/intarray.sgml
@@ -27,6 +27,12 @@
<filename>intarray</> Functions and Operators
+
+ The functions provided by the intarray module
+ are shown in , the operators
+ in .
+
+
<filename>intarray</> Functions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 19eb9447e8d..ba0cfc99cdb 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -385,63 +385,70 @@ PGconn *PQconnectdbParams(const char **keywords, const char **values, int expand
This option determines whether or with what priority a secure
SSL TCP/IP connection will be negotiated with the
server. There are six modes:
-
-
- <literal>sslmode</literal> Options
-
-
-
- Option
- Description
-
-
+
+
+ disable
+
+
+ only try a non-SSL connection
+
+
+
-
+
+ allow
+
+
+ first try a non-SSL connection; if that
+ fails, try an SSL connection
+
+
+
-
- disable
- only try a non-SSL connection
-
+
+ prefer (default)
+
+
+ first try an SSL connection; if that fails,
+ try a non-SSL connection
+
+
+
-
- allow
- first try a non-SSL
- connection; if that fails, try an SSL
- connection
-
+
+ require
+
+
+ only try an SSL connection
+
+
+
-
- prefer (default)
- first try an SSL connection; if
- that fails, try a non-SSL
- connection
-
+
+ verify-ca
+
+
+ only try an SSL connection, and verify that
+ the server certificate is issued by a trusted
+ certificate authority (CA)
+
+
+
-
- require
- only try an SSL connection
-
+
+ verify-full
+
+
+ only try an SSL connection, verify that the
+ server certificate is issued by a
+ trusted CA and that the server host name
+ matches that in the certificate
+
+
+
+
-
- verify-ca
- only try an SSL connection, and verify that
- the server certificate is issued by a trusted certificate
- authority (CA)
-
-
-
- verify-full
- only try an SSL connection, verify that
- the server certificate is issued by a trusted CA and
- that the server host name matches that in the certificate
-
-
-
-
-
-
-
See for a detailed description of how
these options work.
@@ -6773,30 +6780,23 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
The different values for the sslmode parameter provide different
levels of protection. SSL can provide
protection against three types of attacks:
-
-
- SSL Attacks
-
-
-
- Type
- Description
-
-
-
-
- Eavesdropping
- If a third party can examine the network traffic between the
+
+
+ Eavesdropping
+
+ If a third party can examine the network traffic between the
client and the server, it can read both connection information (including
the user name and password) and the data that is passed. SSL
uses encryption to prevent this.
-
-
+
+
+
-
- Man in the middle (MITM)
- If a third party can modify the data while passing between the
+
+ Man in the middle (MITM)
+
+ If a third party can modify the data while passing between the
client and server, it can pretend to be the server and therefore see and
modify data even if it is encrypted. The third party can then
forward the connection information and data to the original server,
@@ -6805,21 +6805,23 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
to a different server than intended. There are also several other
attack methods that can accomplish this. SSL uses certificate
verification to prevent this, by authenticating the server to the client.
-
-
+
+
+
-
- Impersonation
- If a third party can pretend to be an authorized client, it can
+
+ Impersonation
+
+ If a third party can pretend to be an authorized client, it can
simply access data it should not have access to. Typically this can
happen through insecure password management. SSL uses
client certificates to prevent this, by making sure that only holders
of valid certificates can access the server.
-
-
-
-
-
+
+
+
+
+
For a connection to be known secure, SSL usage must be configured
@@ -6844,9 +6846,9 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
All SSL options carry overhead in the form of encryption and
key-exchange, so there is a tradeoff that has to be made between performance
- and security. The following table illustrates the risks the different
- sslmode values protect against, and what statement they make
- about security and overhead:
+ and security.
+ illustrates the risks the different sslmode values
+ protect against, and what statement they make about security and overhead.
@@ -6942,6 +6944,12 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
SSL Client File Usage
+
+
+ summarizes the files that are
+ relevant to the SSL setup on the client.
+
+
Libpq/Client SSL File Usage
diff --git a/doc/src/sgml/ltree.sgml b/doc/src/sgml/ltree.sgml
index d6b58c17d79..d00c91e9857 100644
--- a/doc/src/sgml/ltree.sgml
+++ b/doc/src/sgml/ltree.sgml
@@ -182,8 +182,8 @@ Europe & Russia*@ & !Transportation
=, <>,
<, >, <=, >=.
Comparison sorts in the order of a tree traversal, with the children
- of a node sorted by label text. In addition, there are the following
- specialized operators:
+ of a node sorted by label text. In addition, the specialized
+ operators shown in are available.
@@ -362,7 +362,7 @@ Europe & Russia*@ & !Transportation
- The following functions are available:
+ The available functions are shown in .
diff --git a/doc/src/sgml/monitoring.sgml b/doc/src/sgml/monitoring.sgml
index 319a57c6e23..7d8b77e27ef 100644
--- a/doc/src/sgml/monitoring.sgml
+++ b/doc/src/sgml/monitoring.sgml
@@ -1357,9 +1357,10 @@ SELECT pg_stat_get_backend_pid(s.backendid) AS procpid,
A number of standard probes are provided in the source code,
- as shown in .
- More can certainly be added to enhance PostgreSQL's
- observability.
+ as shown in ;
+
+ shows the types used in the probes. More probes can certainly be
+ added to enhance PostgreSQL's observability.
diff --git a/doc/src/sgml/pgtrgm.sgml b/doc/src/sgml/pgtrgm.sgml
index 9210899ec24..581388c683f 100644
--- a/doc/src/sgml/pgtrgm.sgml
+++ b/doc/src/sgml/pgtrgm.sgml
@@ -43,6 +43,12 @@
Functions and Operators
+
+ The functions provided by the pg_trgm module
+ are shown in , the operators
+ in .
+
+
<filename>pg_trgm</filename> Functions
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 143090e99ac..d18ba79f402 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2097,12 +2097,11 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
SSL Server File Usage
-
- The files server.key, server.crt,
- root.crt, and root.crl
- are only examined during server start; so you must restart
- the server for changes in them to take effect.
-
+
+
+ summarizes the files that are
+ relevant to the SSL setup on the server.
+
SSL Server File Usage
@@ -2146,6 +2145,13 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
+
+
+ The files server.key, server.crt,
+ root.crt, and root.crl
+ are only examined during server start; so you must restart
+ the server for changes in them to take effect.
+
diff --git a/doc/src/sgml/textsearch.sgml b/doc/src/sgml/textsearch.sgml
index 1beebd21ee4..dba5bd6603e 100644
--- a/doc/src/sgml/textsearch.sgml
+++ b/doc/src/sgml/textsearch.sgml
@@ -1799,7 +1799,7 @@ LIMIT 10;
The built-in parser is named pg_catalog.default.
- It recognizes 23 token types:
+ It recognizes 23 token types, shown in .