|
|
|
|
@ -1,5 +1,5 @@ |
|
|
|
|
<!-- |
|
|
|
|
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.43.2.2 2007/04/20 03:10:57 tgl Exp $ |
|
|
|
|
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.43.2.3 2007/04/23 16:53:15 neilc Exp $ |
|
|
|
|
--> |
|
|
|
|
|
|
|
|
|
<refentry id="SQL-CREATEFUNCTION"> |
|
|
|
|
@ -458,7 +458,7 @@ Point * complex_to_point (Complex *z) |
|
|
|
|
<varname>search_path</> should be set to exclude any schemas |
|
|
|
|
writable by untrusted users. This prevents |
|
|
|
|
malicious users from creating objects that mask objects used by the |
|
|
|
|
function. Particularly important is in this regard is the |
|
|
|
|
function. Particularly important in this regard is the |
|
|
|
|
temporary-table schema, which is searched first by default, and |
|
|
|
|
is normally writable by anyone. A secure arrangement can be had |
|
|
|
|
by forcing the temporary schema to be searched last. To do this, |
|
|
|
|
|
Neil Conway
18 years ago