diff options
| author | Robert Haas <rhaas@postgresql.org> | 2012-02-13 22:20:27 -0500 |
|---|---|---|
| committer | Robert Haas <rhaas@postgresql.org> | 2012-02-13 22:21:14 -0500 |
| commit | cd30728fb2ed7c367d545fc14ab850b5fa2a4850 (patch) | |
| tree | c5d487f3abf9e5c66734db8ecb100f4442763822 /doc/src/sgml/ref/create_function.sgml | |
| parent | 2bbd88f8f841b01efb073972b60d4dc1ff1f6fd0 (diff) | |
| download | postgresql-cd30728fb2ed7c367d545fc14ab850b5fa2a4850.tar.gz postgresql-cd30728fb2ed7c367d545fc14ab850b5fa2a4850.zip | |
Allow LEAKPROOF functions for better performance of security views.
We don't normally allow quals to be pushed down into a view created
with the security_barrier option, but functions without side effects
are an exception: they're OK. This allows much better performance in
common cases, such as when using an equality operator (that might
even be indexable).
There is an outstanding issue here with the CREATE FUNCTION / ALTER
FUNCTION syntax: there's no way to use ALTER FUNCTION to unset the
leakproof flag. But I'm committing this as-is so that it doesn't
have to be rebased again; we can fix up the grammar in a future
commit.
KaiGai Kohei, with some wordsmithing by me.
Diffstat (limited to 'doc/src/sgml/ref/create_function.sgml')
| -rw-r--r-- | doc/src/sgml/ref/create_function.sgml | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml index 2a87130356e..7df66ab0e08 100644 --- a/doc/src/sgml/ref/create_function.sgml +++ b/doc/src/sgml/ref/create_function.sgml @@ -26,7 +26,7 @@ CREATE [ OR REPLACE ] FUNCTION | RETURNS TABLE ( <replaceable class="parameter">column_name</replaceable> <replaceable class="parameter">column_type</replaceable> [, ...] ) ] { LANGUAGE <replaceable class="parameter">lang_name</replaceable> | WINDOW - | IMMUTABLE | STABLE | VOLATILE + | IMMUTABLE | STABLE | VOLATILE | LEAKPROOF | CALLED ON NULL INPUT | RETURNS NULL ON NULL INPUT | STRICT | [ EXTERNAL ] SECURITY INVOKER | [ EXTERNAL ] SECURITY DEFINER | COST <replaceable class="parameter">execution_cost</replaceable> @@ -325,6 +325,23 @@ CREATE [ OR REPLACE ] FUNCTION </varlistentry> <varlistentry> + <term><literal>LEAKPROOF</literal></term> + <listitem> + <para> + <literal>LEAKPROOF</literal> indicates that the function has no side + effects. It reveals no information about its arguments other than by + its return value. For example, a function which throws an error message + for some argument values but not others, or which includes the argument + values in any error message, is not leakproof. The query planner may + push leakproof functions (but not others) into views created with the + <literal>security_barrier</literal> option. See + <xref linkend="sql-createview"> and <xref linkend="rules-privileges">. + This option can only be set by the superuser. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term><literal>CALLED ON NULL INPUT</literal></term> <term><literal>RETURNS NULL ON NULL INPUT</literal></term> <term><literal>STRICT</literal></term> |