Noah Misch 8ae4ac6a74 Doc: stop implying recommendation of insecure search_path value. ... SQL "SET search_path = 'pg_catalog, pg_temp'" is silently equivalent to "SET search_path = pg_temp, pg_catalog, "pg_catalog, pg_temp"" instead of the intended "SET search_path = pg_catalog, pg_temp". (The intent was a two-element search path. With the single quotes, it instead specifies one element with a comma and a space in the middle of the element.) In addition to the SET statement, this affects SET clauses of CREATE FUNCTION, ALTER ROLE, and ALTER DATABASE. It does not affect the set_config() SQL function. Though the documentation did not show an insecure command, remove single quotes that could entice a reader to write an insecure command. Back-patch to v13 (all supported versions). Reported-by: Sven Klemm <sven@timescale.com> Author: Sven Klemm <sven@timescale.com> Backpatch-through: 13		2025-05-01 16:52:03 -07:00
..
src	Doc: stop implying recommendation of insecure search_path value.	2025-05-01 16:52:03 -07:00
KNOWN_BUGS	Remove extra newlines at end and beginning of files, add missing newlines	2010-08-19 05:57:36 +00:00
Makefile	Remove maintainer-check target, fold into normal build	2013-10-10 20:11:56 -04:00
MISSING_FEATURES	Remove extra newlines at end and beginning of files, add missing newlines	2010-08-19 05:57:36 +00:00
TODO	Change documentation references to PG website to use https: not http:	2017-05-20 21:50:47 -04:00