gooderp18 Green Standard Edition

22 lines
3.4KB

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>21.6. Function Security</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="default-roles.html" title="21.5. Default Roles" /><link rel="next" href="managing-databases.html" title="Chapter 22. Managing Databases" /></head><body><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">21.6. Function Security</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="default-roles.html" title="21.5. Default Roles">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="user-manag.html" title="Chapter 21. Database Roles">Up</a></td><th width="60%" align="center">Chapter 21. Database Roles</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 12.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="managing-databases.html" title="Chapter 22. Managing Databases">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="PERM-FUNCTIONS"><div class="titlepage"><div><div><h2 class="title" style="clear: both">21.6. Function Security</h2></div></div></div><p>
Functions, triggers and row-level security policies allow users to insert
code into the backend server that other users might execute
unintentionally. Hence, these mechanisms permit users to <span class="quote">“<span class="quote">Trojan
horse</span>”</span> others with relative ease. The strongest protection is tight
control over who can define objects. Where that is infeasible, write
queries referring only to objects having trusted owners. Remove
from <code class="varname">search_path</code> the public schema and any other schemas
that permit untrusted users to create objects.
</p><p>
Functions run inside the backend
server process with the operating system permissions of the
database server daemon. If the programming language
used for the function allows unchecked memory accesses, it is
possible to change the server's internal data structures.
Hence, among many other things, such functions can circumvent any
system access controls. Function languages that allow such access
are considered <span class="quote">“<span class="quote">untrusted</span>”</span>, and
<span class="productname">PostgreSQL</span> allows only superusers to
create functions written in those languages.
</p></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="default-roles.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="user-manag.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="managing-databases.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">21.5. Default Roles </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 22. Managing Databases</td></tr></table></div></body></html>
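An added example, not part of the PostgreSQL documentation file above: an audit and hardening script for the two controls the section describes, namely keeping schemas writable by untrusted roles out of `search_path` and reviewing functions written in untrusted languages. The role name `app_user` and database name `appdb` are hypothetical placeholders.

```sql
-- 1. Schemas in which PUBLIC or any role other than the owner may create
--    objects. If such a schema is on search_path, objects created there can
--    capture unqualified names used in your queries.
SELECT n.nspname                              AS schema_name,
       pg_get_userbyid(n.nspowner)            AS schema_owner,
       CASE WHEN a.grantee = 0 THEN 'PUBLIC'  -- grantee OID 0 means PUBLIC
            ELSE pg_get_userbyid(a.grantee)
       END                                    AS can_create
FROM pg_namespace AS n
CROSS JOIN LATERAL aclexplode(n.nspacl) AS a
WHERE a.privilege_type = 'CREATE'
  AND a.grantee <> n.nspowner
ORDER BY schema_name, can_create;

-- 2. The search_path in effect for the current session; compare it with
--    the schemas reported by query 1.
SHOW search_path;

-- 3. Hardening. Either stop untrusted roles from creating objects in the
--    public schema, or drop public from search_path (or both).
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
ALTER ROLE app_user SET search_path = "$user";    -- app_user: placeholder
ALTER DATABASE appdb SET search_path = "$user";   -- appdb: placeholder

-- 4. User-defined functions written in untrusted languages (C, plpythonu,
--    ...). Only superusers can create these; review each owner and source.
SELECT p.oid::regprocedure          AS function_signature,
       l.lanname                    AS language,
       pg_get_userbyid(p.proowner)  AS function_owner
FROM pg_proc AS p
JOIN pg_language  AS l ON l.oid = p.prolang
JOIN pg_namespace AS n ON n.oid = p.pronamespace
WHERE NOT l.lanpltrusted
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY function_signature;
```

The `ALTER ROLE` and `ALTER DATABASE` settings apply to new sessions only; existing connections keep their current `search_path` until they reconnect.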