- Notifications
You must be signed in to change notification settings - Fork4.9k
Commit40d1a10
committed
Doc: stop implying recommendation of insecure search_path value.
SQL "SET search_path = 'pg_catalog, pg_temp'" is silently equivalent to"SET search_path = pg_temp, pg_catalog, "pg_catalog, pg_temp"" insteadof the intended "SET search_path = pg_catalog, pg_temp". (The intentwas a two-element search path. With the single quotes, it insteadspecifies one element with a comma and a space in the middle of theelement.) In addition to the SET statement, this affects SET clauses ofCREATE FUNCTION, ALTER ROLE, and ALTER DATABASE. It does not affect theset_config() SQL function.Though the documentation did not show an insecure command, remove singlequotes that could entice a reader to write an insecure command.Back-patch to v13 (all supported versions).Reported-by: Sven Klemm <sven@timescale.com>Author: Sven Klemm <sven@timescale.com>Backpatch-through: 131 parent18dc43a commit40d1a10
1 file changed
+2
-2
lines changedLines changed: 2 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1339 | 1339 | | |
1340 | 1340 | | |
1341 | 1341 | | |
1342 | | - | |
1343 | | - | |
| 1342 | + | |
| 1343 | + | |
1344 | 1344 | | |
1345 | 1345 | | |
1346 | 1346 | | |
| |||
0 commit comments
Comments
(0)