| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Use @extschema:name@ notation in contrib transform modules. |
| Date: | 2025-01-09 20:17:04 |
| Message-ID: | E1tVyxk-000iT3-8r@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Use @extschema:name@ notation in contrib transform modules.
Harden hstore_plperl, hstore_plpython, and ltree_plpython
against search-path-based attacks by using @extschema:name@
notation to refer to the underlying hstore or ltree data type.
This allows removal of the previous documentation warning
suggesting that they must be installed in the same schema as
the underlying data type. In passing, also improve a para in
extend.sgml to suggest using @extschema:name@ for such purposes.
Discussion: https://postgr.es/m/692480.1736021695@sss.pgh.pa.us
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/bebe9040388bb2292585eab712fe4d29a71843fb
Modified Files
--------------
contrib/hstore_plperl/hstore_plperl--1.0.sql | 4 ++--
contrib/hstore_plperl/hstore_plperlu--1.0.sql | 4 ++--
contrib/hstore_plpython/hstore_plpython3u--1.0.sql | 6 +++---
contrib/ltree_plpython/ltree_plpython3u--1.0.sql | 2 +-
doc/src/sgml/extend.sgml | 14 +++++---------
doc/src/sgml/hstore.sgml | 9 ---------
doc/src/sgml/ltree.sgml | 9 ---------
7 files changed, 13 insertions(+), 35 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2025-01-09 23:13:32 | pgsql: Fix an ALTER GROUP ... DROP USER error message. |
| Previous Message | Álvaro Herrera | 2025-01-09 13:17:49 | pgsql: Simplify signature of RewriteTable |