[postgis-devel] PSC Vote - Mark postgis, postgis_topology, address_standardizer as trusted
Christoph Berg
myon at debian.org
Mon Mar 8 05:27:17 PST 2021
Re: Raúl Marín
> Are there any requirements to be a "trusted extension"? As in DO and DON'T
> we should take into account during development in the future? I couldn't
> find anything in Postgresql docs.
There must not be any functions that you wouldn't want an untrusted
user to execute, like modify system catalogs, or read/write directly
from/to the filesystem. Extension install/upgrade scripts need to be
secure against search_path attacks and similar.
https://www.postgresql.org/docs/13/extend-extensions.html#EXTEND-EXTENSIONS-SECURITY
Christoph
More information about the postgis-devel
mailing list