diff options
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/extend.sgml | 14 | ||||
| -rw-r--r-- | doc/src/sgml/hstore.sgml | 9 | ||||
| -rw-r--r-- | doc/src/sgml/ltree.sgml | 9 |
3 files changed, 5 insertions, 27 deletions
diff --git a/doc/src/sgml/extend.sgml b/doc/src/sgml/extend.sgml index 218940ee5ce..ba492ca27c0 100644 --- a/doc/src/sgml/extend.sgml +++ b/doc/src/sgml/extend.sgml @@ -1348,15 +1348,11 @@ SELECT * FROM pg_extension_update_paths('<replaceable>extension_name</replaceabl </para> <para> - Cross-extension references are extremely difficult to make fully - secure, partially because of uncertainty about which schema the other - extension is in. The hazards are reduced if both extensions are - installed in the same schema, because then a hostile object cannot be - placed ahead of the referenced extension in the installation-time - <varname>search_path</varname>. However, no mechanism currently exists - to require that. For now, best practice is to not mark an extension - trusted if it depends on another one, unless that other one is always - installed in <literal>pg_catalog</literal>. + Secure cross-extension references typically require schema-qualification + of the names of the other extension's objects, using the + <literal>@extschema:<replaceable>name</replaceable>@</literal> + syntax, in addition to careful matching of argument types for functions + and operators. </para> </sect3> </sect2> diff --git a/doc/src/sgml/hstore.sgml b/doc/src/sgml/hstore.sgml index 7d93e49e913..44325e0bba0 100644 --- a/doc/src/sgml/hstore.sgml +++ b/doc/src/sgml/hstore.sgml @@ -946,15 +946,6 @@ ALTER TABLE tablename ALTER hstorecol TYPE hstore USING hstorecol || ''; extension for PL/Python is called <literal>hstore_plpython3u</literal>. If you use it, <type>hstore</type> values are mapped to Python dictionaries. </para> - - <caution> - <para> - It is strongly recommended that the transform extensions be installed in - the same schema as <filename>hstore</filename>. Otherwise there are - installation-time security hazards if a transform extension's schema - contains objects defined by a hostile user. - </para> - </caution> </sect2> <sect2 id="hstore-authors"> diff --git a/doc/src/sgml/ltree.sgml b/doc/src/sgml/ltree.sgml index 9584105b03b..1c3543303f0 100644 --- a/doc/src/sgml/ltree.sgml +++ b/doc/src/sgml/ltree.sgml @@ -841,15 +841,6 @@ ltreetest=> SELECT ins_label(path,2,'Space') FROM test WHERE path <@ 'Top. creating a function, <type>ltree</type> values are mapped to Python lists. (The reverse is currently not supported, however.) </para> - - <caution> - <para> - It is strongly recommended that the transform extension be installed in - the same schema as <filename>ltree</filename>. Otherwise there are - installation-time security hazards if a transform extension's schema - contains objects defined by a hostile user. - </para> - </caution> </sect2> <sect2 id="ltree-authors"> |