postgresql/doc/src/sgml
Tom Lane 52511fd624 Docs: add disclaimer about hazards of using regexps from untrusted sources.
It's not terribly hard to devise regular expressions that take large
amounts of time and/or memory to process.  Recent testing by Greg Stark has
also shown that machines with small stack limits can be driven to stack
overflow by suitably crafted regexps.  While we intend to fix these things
as much as possible, it's probably impossible to eliminate slow-execution
cases altogether.  In any case we don't want to treat such things as
security issues.  The history of that code should already discourage
prudent DBAs from allowing execution of regexp patterns coming from
possibly-hostile sources, but it seems like a good idea to warn about the
hazard explicitly.

Currently, similar_escape() allows access to enough of the underlying
regexp behavior that the warning has to apply to SIMILAR TO as well.
We might be able to make it safer if we tightened things up to allow only
SQL-mandated capabilities in SIMILAR TO; but that would be a subtly
non-backwards-compatible change, so it requires discussion and probably
could not be back-patched.

Per discussion among pgsql-security list.
2015-10-02 13:30:43 -04:00
ref Improve documentation about MVCC-unsafe utility commands. 2015-08-15 13:30:16 -04:00
.gitignore Don't generate plain-text HISTORY and src/test/regress/README anymore. 2014-02-10 20:48:20 -05:00
acronyms.sgml Add SP-GiST (space-partitioned GiST) index access method. 2011-12-17 16:42:30 -05:00
adminpack.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
advanced.sgml Adjust documentation wording of window function ORDER BY to not mention 2011-02-20 00:01:08 -05:00
arch-dev.sgml Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
array.sgml Improve documentation about array concat operator vs. underlying functions. 2015-07-09 18:50:31 -04:00
auth-delay.sgml Remove the custom_variable_classes parameter. 2011-10-04 12:36:55 -04:00
auto-explain.sgml Fix failure of contrib/auto_explain to print per-node timing information. 2014-09-19 13:19:05 -04:00
backup.sgml Doc correction to point out that 9.2+ can overwrite pg_xlog files. 2012-08-08 22:36:55 +01:00
biblio.sgml Properly capitalize hyphenated words in documentation titles. 2011-02-01 17:00:26 -05:00
bki.sgml Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
btree-gin.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
btree-gist.sgml Spell checking and markup refinement 2011-05-19 01:14:45 +03:00
catalogs.sgml Fix documentation about joining pg_locks to other views. 2014-04-03 14:18:31 -04:00
charset.sgml Docs: fix erroneous claim about max byte length of GB18030. 2015-05-14 14:59:00 -04:00
chkpass.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
citext.sgml citext's regexp_matches() functions weren't documented, either. 2015-05-05 16:11:16 -04:00
client-auth.sgml Fix docs typo 2015-05-16 13:28:27 -04:00
config.sgml Disable ssl renegotiation by default. 2015-07-28 22:06:31 +02:00
contacts.sgml Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
contrib-spi.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
contrib.sgml Split contrib documentation into extensions and programs 2012-05-09 20:39:53 +03:00
cube.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
datatype.sgml Support timezone abbreviations that sometimes change. 2014-10-16 15:22:20 -04:00
datetime.sgml Support timezone abbreviations that sometimes change. 2014-10-16 15:22:20 -04:00
dblink.sgml dblink docs: fix typo to use "connname" (3 n's), not "conname" 2015-08-27 13:43:10 -04:00
ddl.sgml doc: Add IDs to link targets used by phpPgAdmin 2013-06-04 23:11:30 -04:00
dfunc.sgml Remove BSD/OS (BSDi) port. There are no known users upgrading to 2012-05-03 10:58:44 -04:00
dict-int.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
dict-xsyn.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
diskusage.sgml Properly capitalize documentation headings; some only had initial-word 2011-01-29 13:01:48 -05:00
dml.sgml Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
docguide.sgml Don't generate plain-text HISTORY and src/test/regress/README anymore. 2014-02-10 20:48:20 -05:00
dummy-seclabel.sgml Fix typo in dummy_seclabel documentation. 2011-10-13 12:16:07 -04:00
earthdistance.sgml Fix typos in docs, some words were doubled. 2012-04-10 09:31:31 +03:00
ecpg.sgml Fixed array handling in ecpg. 2015-02-11 11:14:14 +01:00
errcodes.sgml Drop "meaning" column from error code table 2011-05-28 00:25:33 +03:00
extend.sgml Fix pg_dump handling of extension config tables 2015-03-02 14:12:38 -05:00
external-projects.sgml doc: Correct psycopg URL 2013-10-02 21:34:16 -04:00
fdwhandler.sgml Fix documentation typo. 2012-12-22 15:01:45 -05:00
features.sgml Update SQL features/conformance information to SQL:2011 2012-05-17 09:50:04 +03:00
file-fdw.sgml doc: improve wording of "foreign data server" in file-fdw docs 2013-01-25 10:14:11 -05:00
filelist.sgml Publish draft version of Postgres 9.2 release notes. 2012-05-09 22:25:52 -04:00
fixrtf Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
func.sgml Docs: add disclaimer about hazards of using regexps from untrusted sources. 2015-10-02 13:30:43 -04:00
fuzzystrmatch.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
generate-errcodes-table.pl Run newly-configured perltidy script on Perl files. 2012-07-04 21:47:48 -04:00
geqo.sgml Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
gin.sgml Documentation spell and markup checking 2012-06-08 00:06:20 +03:00
gist.sgml Documentation spell and markup checking 2012-06-08 00:06:20 +03:00
high-availability.sgml Clarify that streaming replication can be both async and sync 2013-01-20 16:11:01 +01:00
history.sgml Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
hstore.sgml Remove hstore's text => text operator. 2011-11-07 21:47:45 -05:00
indexam.sgml Documentation spell and markup checking 2012-06-08 00:06:20 +03:00
indices.sgml Fix typo in previous commit 2012-10-17 09:19:24 +01:00
info.sgml Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
information_schema.sgml Fix typo in information_schema documentation. 2012-09-05 23:37:45 -04:00
install-windows.sgml Update the description for the graphical installers 2013-04-10 21:39:45 +02:00
installation.sgml Support timezone abbreviations that sometimes change. 2014-10-16 15:22:20 -04:00
intagg.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
intarray.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
intro.sgml Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
isn.sgml Use entities to encode non-ASCII characters in SGML documentation 2011-05-31 23:11:46 +03:00
jadetex.cfg Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
keywords.sgml Update SQL key word list to SQL:2011 2012-05-24 20:06:25 +03:00
legal.sgml Update copyright for 2015 2015-01-06 11:43:46 -05:00
libpq.sgml Fix another broken link in documentation. 2015-07-09 16:12:18 +03:00
lo.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
lobj.sgml Improve description of loread/lowrite. 2013-06-12 12:21:46 -04:00
ltree.sgml Some markup cleanup to deconfuse the find_gt_lt tool 2011-08-30 20:32:49 +03:00
maintenance.sgml Don't balance vacuum cost delay when per-table settings are in effect 2014-10-03 13:01:27 -03:00
Makefile Don't generate plain-text HISTORY and src/test/regress/README anymore. 2014-02-10 20:48:20 -05:00
manage-ag.sgml Fix inaccurate description of tablespace. 2013-07-31 22:37:11 +09:00
mk_feature_tables.pl Run newly-configured perltidy script on Perl files. 2012-07-04 21:47:48 -04:00
monitoring.sgml Documentation spell and markup checking 2012-06-08 00:06:20 +03:00
mvcc.sgml Improve documentation about MVCC-unsafe utility commands. 2015-08-15 13:30:16 -04:00
nls.sgml Update iso.org page link 2012-12-08 07:38:02 -05:00
notation.sgml Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
oid2name.sgml Make documentation of --help and --version options more consistent 2012-06-18 02:47:53 +03:00
pageinspect.sgml Fix documentation oversights about pageinspect and initialization fork. 2014-08-11 22:53:09 +09:00
passwordcheck.sgml In documentation, change "recommendable" to "recommended", per 2012-08-14 12:36:46 -04:00
perform.sgml Documentation spell and markup checking 2012-06-08 00:06:20 +03:00
pgarchivecleanup.sgml Remove incorrect warning from pg_archivecleanup document. 2015-07-06 21:00:09 +09:00
pgbench.sgml doc: Various typo/grammar fixes 2014-08-30 11:04:12 -05:00
pgbuffercache.sgml pg_buffercache: document column meanings 2013-07-03 14:19:43 -04:00
pgcrypto.sgml pgcrypto: Report errant decryption as "Wrong key or corrupt data". 2015-05-18 10:02:37 -04:00
pgfreespacemap.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
pgrowlocks.sgml Documentation spell and markup checking 2012-06-08 00:06:20 +03:00
pgstandby.sgml Make documentation of --help and --version options more consistent 2012-06-18 02:47:53 +03:00
pgstatstatements.sgml Rename I/O timing statistics columns to blk_read_time and blk_write_time. 2012-04-29 18:13:33 -04:00
pgstattuple.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
pgtestfsync.sgml Make documentation of --help and --version options more consistent 2012-06-18 02:47:53 +03:00
pgtesttiming.sgml Make documentation of --help and --version options more consistent 2012-06-18 02:47:53 +03:00
pgtrgm.sgml Document that contrib/pgtrgm only processes ASCII alphanumeric 2011-09-05 13:24:45 -04:00
pgupgrade.sgml Limit pg_upgrade authentication advice to always-secure techniques. 2014-07-18 16:05:33 -04:00
planstats.sgml Update and extend the EXPLAIN-related documentation. 2011-09-28 19:39:54 -04:00
plhandler.sgml Document security implications of check_function_bodies. 2014-02-17 09:33:33 -05:00
plperl.sgml Fix minor stylistic issue 2012-04-24 21:16:07 +03:00
plpgsql.sgml Fix broken example in PL/pgSQL document. 2014-10-10 03:19:00 +09:00
plpython.sgml PL/Python: Fix example 2014-11-01 11:33:48 -04:00
pltcl.sgml doc: Various typo/grammar fixes 2014-08-30 11:04:12 -05:00
postgres.sgml Add SP-GiST (space-partitioned GiST) index access method. 2011-12-17 16:42:30 -05:00
problems.sgml Use "backend process" rather than "backend server", where appropriate. 2011-03-12 09:38:56 -05:00
protocol.sgml Report WAL flush, not insert, position in replication IDENTIFY_SYSTEM 2015-02-06 11:32:37 +02:00
queries.sgml Improve documentation's description of JOIN clauses. 2014-11-19 16:00:33 -05:00
query.sgml Use "backend process" rather than "backend server", where appropriate. 2011-03-12 09:38:56 -05:00
rangetypes.sgml Improve Range Types and Exclusion Constraints example. 2013-09-05 07:29:39 -07:00
README.links Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
recovery-config.sgml Make superuser imply replication privilege. The idea of a privilege that 2012-01-14 18:22:16 +02:00
reference.sgml Fix some typos in the documentation 2012-04-06 23:55:24 +03:00
regress.sgml Lock down regression testing temporary clusters on Windows. 2014-12-17 22:48:47 -05:00
release-7.4.sgml doc: Various typo/grammar fixes 2014-08-30 11:04:12 -05:00
release-8.0.sgml Improve cross-references between minor version release notes. 2014-02-12 19:09:24 -05:00
release-8.1.sgml Improve cross-references between minor version release notes. 2014-02-12 19:09:24 -05:00
release-8.2.sgml doc: Various typo/grammar fixes 2014-08-30 11:04:12 -05:00
release-8.3.sgml Improve cross-references between minor version release notes. 2014-02-12 19:09:24 -05:00
release-8.4.sgml Release notes for 9.3.5, 9.2.9, 9.1.14, 9.0.18, 8.4.22. 2014-07-21 14:59:32 -04:00
release-9.0.sgml Release notes for 9.4.4, 9.3.9, 9.2.13, 9.1.18, 9.0.22. 2015-06-09 14:33:43 -04:00
release-9.1.sgml Release notes for 9.4.4, 9.3.9, 9.2.13, 9.1.18, 9.0.22. 2015-06-09 14:33:43 -04:00
release-9.2.sgml Release notes for 9.4.4, 9.3.9, 9.2.13, 9.1.18, 9.0.22. 2015-06-09 14:33:43 -04:00
release-old.sgml doc: Various typo/grammar fixes 2014-08-30 11:04:12 -05:00
release.sgml Don't generate plain-text HISTORY and src/test/regress/README anymore. 2014-02-10 20:48:20 -05:00
rowtypes.sgml Further review of range-types patch. 2011-11-18 18:24:32 -05:00
rules.sgml Documentation spell and markup checking 2012-06-08 00:06:20 +03:00
runtime.sgml Update our documentation concerning where to create data directories. 2015-07-28 18:42:59 -04:00
seg.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
sepgsql.sgml doc: correct sepgsql doc about permission checking of CASCADE 2013-01-24 21:21:50 -05:00
sourcerepo.sgml Properly capitalize documentation headings; some only had initial-word 2011-01-29 13:01:48 -05:00
sources.sgml Add an errdetail_internal() ereport auxiliary routine. 2011-07-16 14:22:15 -04:00
spgist.sgml Documentation spell and markup checking 2012-06-08 00:06:20 +03:00
spi.sgml Fix SPI documentation for new handling of ExecutorRun's count parameter. 2013-01-24 18:34:04 -05:00
sql.sgml doc: Fix for too many brackets in command synopses on man pages 2012-05-03 22:58:00 +03:00
sslinfo.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
standalone-install.sgml Don't generate plain-text HISTORY and src/test/regress/README anymore. 2014-02-10 20:48:20 -05:00
start.sgml Remove mention of using "man" from the tutorial. 2011-04-03 19:49:05 -04:00
storage.sgml Fix documentation oversights about pageinspect and initialization fork. 2014-08-11 22:53:09 +09:00
stylesheet-common.xsl Fix display of <command> elements on man pages 2012-04-30 21:18:03 +03:00
stylesheet-fo.xsl Fix display of <command> elements on man pages 2012-04-30 21:18:03 +03:00
stylesheet-hh.xsl Fix display of <command> elements on man pages 2012-04-30 21:18:03 +03:00
stylesheet-man.xsl Show step titles in the pg_upgrade man page 2012-07-17 21:35:30 +03:00
stylesheet.css Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
stylesheet.dsl doc: Various typo/grammar fixes 2014-08-30 11:04:12 -05:00
stylesheet.xsl XSLT stylesheet: Add slash to directory name 2012-11-08 23:58:05 -05:00
syntax.sgml Fix incorrect markup in documentation of window frame clauses. 2015-03-31 20:03:55 -04:00
tablefunc.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
tcn.sgml Assorted spelling corrections. 2012-04-12 10:43:39 -04:00
test-parser.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
textsearch.sgml Update site address of Snowball project 2015-09-07 15:22:07 +03:00
trigger.sgml Fix trigger example code to match header changes 2012-03-20 16:50:18 -03:00
tsearch2.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
typeconv.sgml Clarify type resolution behavior for domain types. 2014-08-10 16:13:22 -04:00
unaccent.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
user-manag.sgml Make superuser imply replication privilege. The idea of a privilege that 2012-01-14 18:22:16 +02:00
uuid-ossp.sgml Add xreflabels to /contrib manuals so links appear correct. Also update 2011-05-07 22:29:20 -04:00
vacuumlo.sgml Make documentation of --help and --version options more consistent 2012-06-18 02:47:53 +03:00
wal.sgml Fix checkpoint_timeout documentation to reflect current behavior. 2012-08-30 15:08:53 -04:00
xaggr.sgml Remove spclocation field from pg_tablespace 2011-12-07 10:37:33 +01:00
xfunc.sgml Docs: clarify treatment of variadic functions with zero variadic arguments. 2014-12-21 15:31:19 -05:00
xindex.sgml Add SP-GiST (space-partitioned GiST) index access method. 2011-12-17 16:42:30 -05:00
xml2.sgml doc: Various typo/grammar fixes 2014-08-30 11:04:12 -05:00
xoper.sgml doc: Various typo/grammar fixes 2014-08-30 11:04:12 -05:00
xplang.sgml Update documentation to reflect that standard PLs are now extensions. 2011-03-05 01:08:38 -05:00
xtypes.sgml Avoid extra whitespace in the arguments of <indexterm>. 2011-04-08 11:36:05 -04:00

<!-- doc/src/sgml/README.links -->

Linking within SGML documents can be confusing, so here is a summary:


Intra-document Linking
----------------------

<xref>
	use to get chapter/section # from the title of the target
	link, or xreflabel if defined at the target; has no close tag
	http://www.oasis-open.org/docbook/documentation/reference/html/xref.html

<link>
	use to supply text for the link, requires </link>
	http://www.oasis-open.org/docbook/documentation/reference/html/link.html

linkend=
	controls the target of the link/xref, required

endterm=
	for <xref>, allows the text of the link/xref to be taken from a
	different link target title


External Linking
----------------

<ulink>
	like <link>, but uses a URL (not a document target);  requires
	</ulink>; if no text is specified, the URL appears as the link
	text
	http://www.oasis-open.org/docbook/documentation/reference/html/ulink.html

url=
	used by <ulink> to specify the URL, required


Guidelines
----------

o  If you want to supply your own link text, use <link>; otherwise use <xref>
o  Do not use text with <ulink> so the URL appears in printed output
o  Specific nouns like GUC variables, SQL commands, and contrib modules
   usually have xreflabels