← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/postgresql-9.1/oneiric-security

« back to all changes in this revision

Viewing changes to doc/src/sgml/html/perm-functions.html

  • Committer: Bazaar Package Importer
  • Author(s): Martin Pitt
  • Date: 2011-05-11 10:41:53 UTC
  • Revision ID: james.westby@ubuntu.com-20110511104153-psbh2o58553fv1m0
Tags: upstream-9.1~beta1
ImportĀ upstreamĀ versionĀ 9.1~beta1

Show diffs side-by-side

added added

removed removed

Lines of Context:
doc/src/sgml/html/perm-functions.html
 
1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 
2
<HTML
 
3
><HEAD
 
4
><TITLE
 
5
>Function and Trigger Security</TITLE
 
6
><META
 
7
NAME="GENERATOR"
 
8
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
 
9
REV="MADE"
 
10
HREF="mailto:pgsql-docs@postgresql.org"><LINK
 
11
REL="HOME"
 
12
TITLE="PostgreSQL 9.1beta1 Documentation"
 
13
HREF="index.html"><LINK
 
14
REL="UP"
 
15
TITLE="Database Roles"
 
16
HREF="user-manag.html"><LINK
 
17
REL="PREVIOUS"
 
18
TITLE="Role Membership"
 
19
HREF="role-membership.html"><LINK
 
20
REL="NEXT"
 
21
TITLE="Managing Databases"
 
22
HREF="managing-databases.html"><LINK
 
23
REL="STYLESHEET"
 
24
TYPE="text/css"
 
25
HREF="stylesheet.css"><META
 
26
HTTP-EQUIV="Content-Type"
 
27
CONTENT="text/html; charset=ISO-8859-1"><META
 
28
NAME="creation"
 
29
CONTENT="2011-04-27T21:20:33"></HEAD
 
30
><BODY
 
31
CLASS="SECT1"
 
32
><DIV
 
33
CLASS="NAVHEADER"
 
34
><TABLE
 
35
SUMMARY="Header navigation table"
 
36
WIDTH="100%"
 
37
BORDER="0"
 
38
CELLPADDING="0"
 
39
CELLSPACING="0"
 
40
><TR
 
41
><TH
 
42
COLSPAN="5"
 
43
ALIGN="center"
 
44
VALIGN="bottom"
 
45
><A
 
46
HREF="index.html"
 
47
>PostgreSQL 9.1beta1 Documentation</A
 
48
></TH
 
49
></TR
 
50
><TR
 
51
><TD
 
52
WIDTH="10%"
 
53
ALIGN="left"
 
54
VALIGN="top"
 
55
><A
 
56
TITLE="Role Membership"
 
57
HREF="role-membership.html"
 
58
ACCESSKEY="P"
 
59
>Prev</A
 
60
></TD
 
61
><TD
 
62
WIDTH="10%"
 
63
ALIGN="left"
 
64
VALIGN="top"
 
65
><A
 
66
TITLE="Database Roles"
 
67
HREF="user-manag.html"
 
68
>Fast Backward</A
 
69
></TD
 
70
><TD
 
71
WIDTH="60%"
 
72
ALIGN="center"
 
73
VALIGN="bottom"
 
74
>Chapter 20. Database Roles</TD
 
75
><TD
 
76
WIDTH="10%"
 
77
ALIGN="right"
 
78
VALIGN="top"
 
79
><A
 
80
TITLE="Database Roles"
 
81
HREF="user-manag.html"
 
82
>Fast Forward</A
 
83
></TD
 
84
><TD
 
85
WIDTH="10%"
 
86
ALIGN="right"
 
87
VALIGN="top"
 
88
><A
 
89
TITLE="Managing Databases"
 
90
HREF="managing-databases.html"
 
91
ACCESSKEY="N"
 
92
>Next</A
 
93
></TD
 
94
></TR
 
95
></TABLE
 
96
><HR
 
97
ALIGN="LEFT"
 
98
WIDTH="100%"></DIV
 
99
><DIV
 
100
CLASS="SECT1"
 
101
><H1
 
102
CLASS="SECT1"
 
103
><A
 
104
NAME="PERM-FUNCTIONS"
 
105
>20.4. Function and Trigger Security</A
 
106
></H1
 
107
><P
 
108
>   Functions and triggers allow users to insert code into the backend
 
109
   server that other users might execute unintentionally. Hence, both
 
110
   mechanisms permit users to <SPAN
 
111
CLASS="QUOTE"
 
112
>"Trojan horse"</SPAN
 
113
>
 
114
   others with relative ease. The only real protection is tight
 
115
   control over who can define functions.
 
116
  </P
 
117
><P
 
118
>   Functions run inside the backend
 
119
   server process with the operating system permissions of the
 
120
   database server daemon.  If the programming language
 
121
   used for the function allows unchecked memory accesses, it is
 
122
   possible to change the server's internal data structures.
 
123
   Hence, among many other things, such functions can circumvent any
 
124
   system access controls.  Function languages that allow such access
 
125
   are considered <SPAN
 
126
CLASS="QUOTE"
 
127
>"untrusted"</SPAN
 
128
>, and
 
129
   <SPAN
 
130
CLASS="PRODUCTNAME"
 
131
>PostgreSQL</SPAN
 
132
> allows only superusers to
 
133
   create functions written in those languages.
 
134
  </P
 
135
></DIV
 
136
><DIV
 
137
CLASS="NAVFOOTER"
 
138
><HR
 
139
ALIGN="LEFT"
 
140
WIDTH="100%"><TABLE
 
141
SUMMARY="Footer navigation table"
 
142
WIDTH="100%"
 
143
BORDER="0"
 
144
CELLPADDING="0"
 
145
CELLSPACING="0"
 
146
><TR
 
147
><TD
 
148
WIDTH="33%"
 
149
ALIGN="left"
 
150
VALIGN="top"
 
151
><A
 
152
HREF="role-membership.html"
 
153
ACCESSKEY="P"
 
154
>Prev</A
 
155
></TD
 
156
><TD
 
157
WIDTH="34%"
 
158
ALIGN="center"
 
159
VALIGN="top"
 
160
><A
 
161
HREF="index.html"
 
162
ACCESSKEY="H"
 
163
>Home</A
 
164
></TD
 
165
><TD
 
166
WIDTH="33%"
 
167
ALIGN="right"
 
168
VALIGN="top"
 
169
><A
 
170
HREF="managing-databases.html"
 
171
ACCESSKEY="N"
 
172
>Next</A
 
173
></TD
 
174
></TR
 
175
><TR
 
176
><TD
 
177
WIDTH="33%"
 
178
ALIGN="left"
 
179
VALIGN="top"
 
180
>Role Membership</TD
 
181
><TD
 
182
WIDTH="34%"
 
183
ALIGN="center"
 
184
VALIGN="top"
 
185
><A
 
186
HREF="user-manag.html"
 
187
ACCESSKEY="U"
 
188
>Up</A
 
189
></TD
 
190
><TD
 
191
WIDTH="33%"
 
192
ALIGN="right"
 
193
VALIGN="top"
 
194
>Managing Databases</TD
 
195
></TR
 
196
></TABLE
 
197
></DIV
 
198
></BODY
 
199
></HTML
 
200
>
 
 
b'\\ No newline at end of file'