Document security implications of check_function_bodies.
author Noah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:31 +0000 (09:33 -0500)
committer Noah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:38 +0000 (09:33 -0500)
Back-patch to 8.4 (all supported versions).

doc/src/sgml/config.sgml

index 4791eb124008d96e45728714e00f96b115e9c0ce..f5f340c1f272f56a82cc36124a05b5417b264d77 100644 (file)
@@ -3967,9 +3967,11 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv;
         This parameter is normally on. When set to <literal>off</>, it
         disables validation of the function body string during <xref
         linkend="sql-createfunction"
-        endterm="sql-createfunction-title">. Disabling validation is
-        occasionally useful to avoid problems such as forward references
-        when restoring function definitions from a dump.
+        endterm="sql-createfunction-title">.  Disabling validation avoids side
+        effects of the validation process and avoids false positives due
+        to problems such as forward references.  Set this parameter
+        to <literal>off</> before loading functions on behalf of other
+        users; <application>pg_dump</> does so automatically.
        </para>
       </listitem>
      </varlistentry>
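Review bot: The added sentence "Set this parameter to off before loading functions on behalf of other users" gives the instruction without the reason, and "side effects of the validation process" is never spelled out, so someone reading config.sgml on its own cannot tell that this is the security guidance the commit subject refers to. Suggest saying what kind of side effect is meant and stating in the paragraph itself that the concern is security, for example with a clause after "other users" explaining why validating function bodies supplied by another user is a risk to the role doing the load. The note that pg_dump "does so automatically" is useful; it would help to add that anyone loading such functions by other means has to set it themselves, since that is the case the instruction is aimed at.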