Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit d6314b2

Browse files
committed
Improve CREATE FUNCTION doc WRT to LEAKPROOF RLS interaction.
Patch by Dean Rasheed. Back-patched to 9.5 where RLS was introduced.
1 parent 1e15b21 commit d6314b2

File tree

1 file changed

+12
-3
lines changed

1 file changed

+12
-3
lines changed

doc/src/sgml/ref/create_function.sgml

+12-3
Original file line numberDiff line numberDiff line change
@@ -350,9 +350,18 @@ CREATE [ OR REPLACE ] FUNCTION
350350
effects. It reveals no information about its arguments other than by
351351
its return value. For example, a function which throws an error message
352352
for some argument values but not others, or which includes the argument
353-
values in any error message, is not leakproof. The query planner may
354-
push leakproof functions (but not others) into views created with the
355-
<literal>security_barrier</literal> option. See
353+
values in any error message, is not leakproof. This affects how the
354+
system executes queries against views created with the
355+
<literal>security_barrier</literal> option or tables with row level
356+
security enabled. The system will enforce conditions from security
357+
policies and security barrier views before any user-supplied conditions
358+
from the query itself that contain non-leakproof functions, in order to
359+
prevent the inadvertent exposure of data. Functions and operators
360+
marked as leakproof are assumed to be trustworthy, and may be executed
361+
before conditions from security policies and security barrier views.
362+
In addtion, functions which do not take arguments or which are not
363+
passed any arguments from the security barrier view or table do not have
364+
to be marked as leakproof to be executed before security conditions. See
356365
<xref linkend="sql-createview"> and <xref linkend="rules-privileges">.
357366
This option can only be set by the superuser.
358367
</para>

0 commit comments

Comments
 (0)