diff options
| author | Noah Misch <noah@leadboat.com> | 2014-02-17 09:33:31 -0500 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2014-02-17 09:33:38 -0500 |
| commit | 09e2d4c145a6d796271cb8731c6201d76d0a0e9c (patch) | |
| tree | 148761ab8005708dee793656a16f6db729d65043 | |
| parent | 823b9dc2566dbdbdab3c08b83adb64eb428b8ca5 (diff) | |
| download | postgresql-09e2d4c145a6d796271cb8731c6201d76d0a0e9c.tar.gz postgresql-09e2d4c145a6d796271cb8731c6201d76d0a0e9c.zip | |
Document security implications of check_function_bodies.
Back-patch to 8.4 (all supported versions).
| -rw-r--r-- | doc/src/sgml/config.sgml | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 4791eb12400..f5f340c1f27 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -3967,9 +3967,11 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; This parameter is normally on. When set to <literal>off</>, it disables validation of the function body string during <xref linkend="sql-createfunction" - endterm="sql-createfunction-title">. Disabling validation is - occasionally useful to avoid problems such as forward references - when restoring function definitions from a dump. + endterm="sql-createfunction-title">. Disabling validation avoids side + effects of the validation process and avoids false positives due + to problems such as forward references. Set this parameter + to <literal>off</> before loading functions on behalf of other + users; <application>pg_dump</> does so automatically. </para> </listitem> </varlistentry> |