diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2006-01-13 18:10:25 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2006-01-13 18:10:25 +0000 |
| commit | 7d6d02b640395bb2f43c01a134d92ff080e82b34 (patch) | |
| tree | e4bf9dab7b9e32acc1afa63439f3402c7823e77a /doc/src | |
| parent | 1564e92cea27a22ace7da635fe73fc23f96f8d4e (diff) | |
| download | postgresql-7d6d02b640395bb2f43c01a134d92ff080e82b34.tar.gz postgresql-7d6d02b640395bb2f43c01a134d92ff080e82b34.zip | |
Document that CREATE OPERATOR CLASS amounts to granting public execute
permissions on the functions and operators contained in the opclass.
Since we already require superuser privilege to create an operator class,
there's no expansion-of-privilege hazard here, but if someone were to get
the idea of building an opclass containing functions that need security
restrictions, we'd better warn them off. Also, change the permission
checks from have-execute-privilege to have-ownership, and then comment
them all out since they're dead code anyway under the superuser restriction.
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/ref/create_opclass.sgml | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/doc/src/sgml/ref/create_opclass.sgml b/doc/src/sgml/ref/create_opclass.sgml index 575672371ee..472bac003de 100644 --- a/doc/src/sgml/ref/create_opclass.sgml +++ b/doc/src/sgml/ref/create_opclass.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.13 2005/01/14 01:16:52 tgl Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.14 2006/01/13 18:10:25 tgl Exp $ PostgreSQL documentation --> @@ -59,8 +59,9 @@ CREATE OPERATOR CLASS <replaceable class="parameter">name</replaceable> [ DEFAUL <para> <command>CREATE OPERATOR CLASS</command> does not presently check - whether the operator class definition includes all the operators and functions - required by the index method. It is the user's + whether the operator class definition includes all the operators and + functions required by the index method, nor whether the operators and + functions form a self-consistent set. It is the user's responsibility to define a valid operator class. </para> @@ -209,6 +210,14 @@ CREATE OPERATOR CLASS <replaceable class="parameter">name</replaceable> [ DEFAUL <title>Notes</title> <para> + Because the index machinery does not check access permissions on functions + before using them, including a function or operator in an operator class + is tantamount to granting public execute permission on it. This is usually + not an issue for the sorts of functions that are useful in an operator + class. + </para> + + <para> The operators should not be defined by SQL functions. A SQL function is likely to be inlined into the calling query, which will prevent the optimizer from recognizing that the query matches an index. |