database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-25 21:42:33 +03:00
Code
postgres/doc
History
Noah Misch cc4371dc34 Document search_path security with untrusted dbowner or CREATEROLE. 
Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 wrote, incorrectly, that
certain schema usage patterns are secure against CREATEROLE users and
database owners.  When an untrusted user is the database owner or holds
CREATEROLE privilege, a query is secure only if its session started with
SELECT pg_catalog.set_config('search_path', '', false) or equivalent.
Back-patch to 9.4 (all supported versions).

Discussion: https://postgr.es/m/20191013013512.GC4131753@rfd.leadboat.com
2019-12-08 11:06:29 -08:00
..
src
Document search_path security with untrusted dbowner or CREATEROLE.
2019-12-08 11:06:29 -08:00
KNOWN_BUGS
Makefile
Remove maintainer-check target, fold into normal build
2013-10-10 20:11:56 -04:00
MISSING_FEATURES
TODO
Change documentation references to PG website to use https: not http:
2017-05-20 21:50:47 -04:00