| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Josh Kupershmidt <schmiddy(at)gmail(dot)com> |
| Cc: | Postgres General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: pg_temp implicit search path: functions vs. tables |
| Date: | 2010-10-21 04:47:39 |
| Message-ID: | 12887.1287636459@sss.pgh.pa.us |
| Lists: | pgsql-general |
Josh Kupershmidt <schmiddy(at)gmail(dot)com> writes:

> pg_temp is being implicitly included in the default search path when
> looking for tables, but not for functions. Is there a reason for this
> difference?

Yes. They used to be the same, but awhile back we decided it was a
security hole to look for functions or operators in the implicit temp
schema. It makes it too easy for someone to substitute a trojan-horse
function that will be picked up in preference to whatever's in the
normal search path. See CVE-2007-2138.

If you actually do want to define and call temporary functions, you
can include "pg_temp" in the search path explicitly, or perhaps better,
explicitly qualify the intentional calls with pg_temp.

regards, tom lane
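
The lookup difference discussed in this message, as an added psql session sketch that is not part of the original email: a temporary table resolves without qualification, a temporary function resolves only when the call names pg_temp, and a catalog query lists what the session's temp schema holds. The names `audit_note` and `fmt_note` are constructed for illustration.

```sql
-- Constructed sample objects: audit_note (temp table), fmt_note (temp function).

-- Tables: the session's temp schema is searched implicitly, so the
-- unqualified name below resolves to pg_temp.audit_note.
CREATE TEMP TABLE audit_note (id int, body text);
INSERT INTO audit_note VALUES (1, 'rotated key');
SELECT body FROM audit_note;

-- Functions: a temporary function has to be created with the schema named.
CREATE FUNCTION pg_temp.fmt_note(t text) RETURNS text
    LANGUAGE sql IMMUTABLE
    AS $$ SELECT '[note] ' || t $$;

-- Unqualified call: the implicit temp schema is not consulted for functions,
-- so this raises undefined_function unless a schema on search_path
-- happens to define its own fmt_note(text).
DO $$
BEGIN
    PERFORM fmt_note('x'::text);
    RAISE NOTICE 'fmt_note() resolved from a schema on search_path';
EXCEPTION WHEN undefined_function THEN
    RAISE NOTICE 'fmt_note() not found without the pg_temp qualifier';
END
$$;

-- Qualified call: the intentional use of the temporary function.
SELECT pg_temp.fmt_note(body) FROM audit_note;

-- Review step: list every function living in this session's temp schema.
SELECT n.nspname, p.proname, pg_get_function_identity_arguments(p.oid) AS args
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.oid = pg_my_temp_schema();
```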