Commit c6a26e4
Doc: stop implying recommendation of insecure search_path value.
SQL "SET search_path = 'pg_catalog, pg_temp'" is silently equivalent to "SET search_path = pg_temp, pg_catalog, "pg_catalog, pg_temp"" instead of the intended "SET search_path = pg_catalog, pg_temp". (The intent was a two-element search path. With the single quotes, it instead specifies one element with a comma and a space in the middle of the element.) In addition to the SET statement, this affects SET clauses of CREATE FUNCTION, ALTER ROLE, and ALTER DATABASE. It does not affect the set_config() SQL function.

Though the documentation did not show an insecure command, remove single quotes that could entice a reader to write an insecure command.

Back-patch to v13 (all supported versions).

Reported-by: Sven Klemm <sven@timescale.com>
Author: Sven Klemm <sven@timescale.com>
Backpatch-through: 13

1 parent 0064020 commit c6a26e4
1 file changed, +2 -2 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1344 | 1344 | | |
1345 | 1345 | | |
1346 | 1346 | | |
1347 | | - | |
1348 | | - | |
| 1347 | + | |
| 1348 | + | |
1349 | 1349 | | |
1350 | 1350 | | |
1351 | 1351 | | |
| |||
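A check for the quoting mistake the commit message describes, written as an added example (not part of the commit or of PostgreSQL): it scans SQL text for `SET search_path` value lists, including the SET clauses of CREATE FUNCTION, ALTER ROLE and ALTER DATABASE, and reports any single-quoted element that contains a comma. The function name and the sample SQL are assumptions made for illustration.

```python
import re

# One element of a SET value list: 'string', "quoted identifier", or bare word.
_VALUE = r"""(?:'(?:[^']|'')*'|"(?:[^"]|"")*"|[\w$]+)"""
# SET [SESSION|LOCAL] search_path {=|TO} value [, value ...]; this also matches
# the SET clauses of CREATE FUNCTION, ALTER ROLE and ALTER DATABASE.
_SET_SEARCH_PATH = re.compile(
    r"\bSET\s+(?:(?:SESSION|LOCAL)\s+)?search_path\s*(?:=|\bTO\b)\s*"
    rf"(?P<values>{_VALUE}(?:\s*,\s*{_VALUE})*)",
    re.IGNORECASE,
)


def find_single_element_paths(sql):
    """Return (line, literal) for each single-quoted search_path element that
    contains a comma: one element that was probably meant to be several."""
    findings = []
    for stmt in _SET_SEARCH_PATH.finditer(sql):
        line = sql.count("\n", 0, stmt.start()) + 1
        for value in re.finditer(_VALUE, stmt.group("values")):
            text = value.group(0)
            if text.startswith("'") and "," in text:
                findings.append((line, text))
    return findings


# Constructed sample input (not taken from the commit or the PostgreSQL docs).
SAMPLE_SQL = """\
SET search_path = pg_catalog, pg_temp;
SET search_path = 'pg_catalog, pg_temp';
ALTER ROLE app SET search_path TO 'pg_catalog, pg_temp';
CREATE FUNCTION f() RETURNS int LANGUAGE sql
    SET search_path = 'pg_catalog, pg_temp' AS 'SELECT 1, 2';
SELECT set_config('search_path', 'pg_catalog, pg_temp', false);
SET search_path = 'pg_catalog', 'pg_temp';
"""

if __name__ == "__main__":
    for line, literal in find_single_element_paths(SAMPLE_SQL):
        print(f"line {line}: search_path element {literal} is one schema name")
```

The `set_config()` call and the list of two separately quoted elements are not reported, matching the commit message's statement of what is and is not affected.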