Commit 16f911c
Doc: stop implying recommendation of insecure search_path value.
SQL "SET search_path = 'pg_catalog, pg_temp'" is silently equivalent to "SET search_path = pg_temp, pg_catalog, "pg_catalog, pg_temp"" instead of the intended "SET search_path = pg_catalog, pg_temp". (The intent was a two-element search path. With the single quotes, it instead specifies one element with a comma and a space in the middle of the element.) In addition to the SET statement, this affects SET clauses of CREATE FUNCTION, ALTER ROLE, and ALTER DATABASE. It does not affect the set_config() SQL function.

Though the documentation did not show an insecure command, remove single quotes that could entice a reader to write an insecure command.

Back-patch to v13 (all supported versions).

Reported-by: Sven Klemm <sven@timescale.com>
Author: Sven Klemm <sven@timescale.com>
Backpatch-through: 13

1 parent 715241d, commit 16f911c
1 file changed: 2 additions & 2 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
1300 | 1300 |
| |
1301 | 1301 |
| |
1302 | 1302 |
| |
1303 |
| - | |
1304 |
| - | |
| 1303 | + | |
| 1304 | + | |
1305 | 1305 |
| |
1306 | 1306 |
| |
1307 | 1307 |
| |
|
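
An audit query for the stored settings the commit message names as affected (SET clauses of CREATE FUNCTION, ALTER ROLE, and ALTER DATABASE), given here as an added example that is not part of the commit or of PostgreSQL's documentation. It assumes the mis-quoted value is stored as one double-quoted element containing a comma, as the message describes; the result column names and the `(all)` label are illustrative.

```sql
-- Added example: list stored search_path settings in which a single
-- double-quoted element contains a comma, e.g. "pg_catalog, pg_temp".
-- Heuristic: a schema that really has a comma in its name is also reported.
WITH settings AS (
    -- SET clauses attached to functions and procedures (current database only)
    SELECT 'function' AS kind,
           p.oid::regprocedure::text AS object,
           cfg
    FROM pg_proc AS p
    CROSS JOIN LATERAL unnest(p.proconfig) AS cfg

    UNION ALL

    -- Settings stored by ALTER ROLE ... SET and ALTER DATABASE ... SET
    SELECT 'role/database',
           format('role=%s database=%s',
                  coalesce(r.rolname, '(all)'),
                  coalesce(d.datname, '(all)')),
           cfg
    FROM pg_db_role_setting AS s
    LEFT JOIN pg_roles    AS r ON r.oid = s.setrole
    LEFT JOIN pg_database AS d ON d.oid = s.setdatabase
    CROSS JOIN LATERAL unnest(s.setconfig) AS cfg
)
SELECT kind, object, cfg AS setting
FROM settings
WHERE split_part(cfg, '=', 1) = 'search_path'
  AND EXISTS (
      -- Split the value into elements: either a double-quoted identifier
      -- (with "" as an escaped quote) or a bare word; flag quoted ones
      -- that have a comma inside.
      SELECT 1
      FROM regexp_matches(substr(cfg, length('search_path=') + 1),
                          '"(?:[^"]|"")*"|[^",\s]+', 'g') AS m(elem)
      WHERE m.elem[1] LIKE '"%,%'
  );
```

Function settings are per database, so run the query in each database of the cluster; the role and database settings come from a shared catalog and repeat in every run.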