upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-06-13 10:40:09 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix markup.

Browse source 
Security: CVE-2007-2138
This commit is contained in:
Tom Lane 2007-04-20 03:10:51 +00:00
parent eaabaa7e04
commit 8294203637
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/src/sgml/ref/create_function.sgml
View file

@ -1,5 +1,5 @@
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.53.2.2 2007/04/20 02:38:44 tgl Exp $
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.53.2.3 2007/04/20 03:10:51 tgl Exp $
-->
<refentry id="SQL-CREATEFUNCTION">
@ -389,7 +389,7 @@ CREATE FUNCTION add(integer, integer) RETURNS integer
Because a <literal>SECURITY DEFINER</literal> function is executed
with the privileges of the user that created it, care is needed to
ensure that the function cannot be misused. For security,
<xref linkend="guc-search-path"> should be set to exclude any schemas
<varname>search_path</> should be set to exclude any schemas
writable by untrusted users. This prevents
malicious users from creating objects that mask objects used by the
function. Particularly important is in this regard is the