mirror of
https://git.postgresql.org/git/postgresql.git
synced 2025-01-06 15:24:56 +08:00
Link some tables into the surrounding text by their id
This commit is contained in:
parent
04be7ac271
commit
a3b681f0bc
@ -55,7 +55,8 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The following functions are provided:
|
||||
The provided functions are shown
|
||||
in <xref linkend="earthdistance-cube-functions">.
|
||||
</para>
|
||||
|
||||
<table id="earthdistance-cube-functions">
|
||||
@ -148,7 +149,8 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A single operator is provided:
|
||||
A single operator is provided, shown
|
||||
in <xref linkend="earthdistance-point-operators">.
|
||||
</para>
|
||||
|
||||
<table id="earthdistance-point-operators">
|
||||
|
@ -85,6 +85,12 @@ key => NULL
|
||||
<sect2>
|
||||
<title><type>hstore</> Operators and Functions</title>
|
||||
|
||||
<para>
|
||||
The operators provided by the <literal>hstore</literal> module are
|
||||
shown in <xref linkend="hstore-op-table">, the functions
|
||||
in <xref linkend="hstore-func-table">.
|
||||
</para>
|
||||
|
||||
<table id="hstore-op-table">
|
||||
<title><type>hstore</> Operators</title>
|
||||
|
||||
|
@ -27,6 +27,12 @@
|
||||
<sect2>
|
||||
<title><filename>intarray</> Functions and Operators</title>
|
||||
|
||||
<para>
|
||||
The functions provided by the <filename>intarray</filename> module
|
||||
are shown in <xref linkend="intarray-func-table">, the operators
|
||||
in <xref linkend="intarray-op-table">.
|
||||
</para>
|
||||
|
||||
<table id="intarray-func-table">
|
||||
<title><filename>intarray</> Functions</title>
|
||||
|
||||
|
@ -385,63 +385,70 @@ PGconn *PQconnectdbParams(const char **keywords, const char **values, int expand
|
||||
This option determines whether or with what priority a secure
|
||||
<acronym>SSL</> TCP/IP connection will be negotiated with the
|
||||
server. There are six modes:
|
||||
</para>
|
||||
|
||||
<table id="libpq-connect-sslmode-options">
|
||||
<title><literal>sslmode</literal> Options</title>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>Option</entry>
|
||||
<entry>Description</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><literal>disable</literal></term>
|
||||
<listitem>
|
||||
<para>
|
||||
only try a non-<acronym>SSL</> connection
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<tbody>
|
||||
<varlistentry>
|
||||
<term><literal>allow</literal></term>
|
||||
<listitem>
|
||||
<para>
|
||||
first try a non-<acronym>SSL</> connection; if that
|
||||
fails, try an <acronym>SSL</> connection
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<row>
|
||||
<entry><literal>disable</></entry>
|
||||
<entry>only try a non-<acronym>SSL</> connection</entry>
|
||||
</row>
|
||||
<varlistentry>
|
||||
<term><literal>prefer</literal> (default)</term>
|
||||
<listitem>
|
||||
<para>
|
||||
first try an <acronym>SSL</> connection; if that fails,
|
||||
try a non-<acronym>SSL</> connection
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<row>
|
||||
<entry><literal>allow</></entry>
|
||||
<entry>first try a non-<acronym>SSL</>
|
||||
connection; if that fails, try an <acronym>SSL</>
|
||||
connection</entry>
|
||||
</row>
|
||||
<varlistentry>
|
||||
<term><literal>require</literal></term>
|
||||
<listitem>
|
||||
<para>
|
||||
only try an <acronym>SSL</> connection
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<row>
|
||||
<entry><literal>prefer</> (default)</entry>
|
||||
<entry>first try an <acronym>SSL</> connection; if
|
||||
that fails, try a non-<acronym>SSL</>
|
||||
connection</entry>
|
||||
</row>
|
||||
<varlistentry>
|
||||
<term><literal>verify-ca</literal></term>
|
||||
<listitem>
|
||||
<para>
|
||||
only try an <acronym>SSL</> connection, and verify that
|
||||
the server certificate is issued by a trusted
|
||||
certificate authority (<acronym>CA</>)
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<row>
|
||||
<entry><literal>require</></entry>
|
||||
<entry>only try an <acronym>SSL</> connection</entry>
|
||||
</row>
|
||||
<varlistentry>
|
||||
<term><literal>verify-full</literal></term>
|
||||
<listitem>
|
||||
<para>
|
||||
only try an <acronym>SSL</> connection, verify that the
|
||||
server certificate is issued by a
|
||||
trusted <acronym>CA</> and that the server host name
|
||||
matches that in the certificate
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<row>
|
||||
<entry><literal>verify-ca</></entry>
|
||||
<entry>only try an <acronym>SSL</> connection, and verify that
|
||||
the server certificate is issued by a trusted certificate
|
||||
authority (<acronym>CA</>)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><literal>verify-full</></entry>
|
||||
<entry>only try an <acronym>SSL</> connection, verify that
|
||||
the server certificate is issued by a trusted <acronym>CA</> and
|
||||
that the server host name matches that in the certificate</entry>
|
||||
</row>
|
||||
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>
|
||||
See <xref linkend="libpq-ssl"> for a detailed description of how
|
||||
these options work.
|
||||
</para>
|
||||
@ -6773,30 +6780,23 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
|
||||
The different values for the <literal>sslmode</> parameter provide different
|
||||
levels of protection. SSL can provide
|
||||
protection against three types of attacks:
|
||||
</para>
|
||||
<table id="libpq-ssl-protect-attacks">
|
||||
<title>SSL Attacks</title>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>Type</entry>
|
||||
<entry>Description</entry>
|
||||
</row>
|
||||
</thead>
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>Eavesdropping</entry>
|
||||
<entry>If a third party can examine the network traffic between the
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>Eavesdropping</term>
|
||||
<listitem>
|
||||
<para>If a third party can examine the network traffic between the
|
||||
client and the server, it can read both connection information (including
|
||||
the user name and password) and the data that is passed. <acronym>SSL</>
|
||||
uses encryption to prevent this.
|
||||
</entry>
|
||||
</row>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<row>
|
||||
<entry>Man in the middle (<acronym>MITM</>)</entry>
|
||||
<entry>If a third party can modify the data while passing between the
|
||||
<varlistentry>
|
||||
<term>Man in the middle (<acronym>MITM</>)</term>
|
||||
<listitem>
|
||||
<para>If a third party can modify the data while passing between the
|
||||
client and server, it can pretend to be the server and therefore see and
|
||||
modify data <emphasis>even if it is encrypted</>. The third party can then
|
||||
forward the connection information and data to the original server,
|
||||
@ -6805,21 +6805,23 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
|
||||
to a different server than intended. There are also several other
|
||||
attack methods that can accomplish this. <acronym>SSL</> uses certificate
|
||||
verification to prevent this, by authenticating the server to the client.
|
||||
</entry>
|
||||
</row>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<row>
|
||||
<entry>Impersonation</entry>
|
||||
<entry>If a third party can pretend to be an authorized client, it can
|
||||
<varlistentry>
|
||||
<term>Impersonation</term>
|
||||
<listitem>
|
||||
<para>If a third party can pretend to be an authorized client, it can
|
||||
simply access data it should not have access to. Typically this can
|
||||
happen through insecure password management. <acronym>SSL</> uses
|
||||
client certificates to prevent this, by making sure that only holders
|
||||
of valid certificates can access the server.
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For a connection to be known secure, SSL usage must be configured
|
||||
@ -6844,9 +6846,9 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
|
||||
<para>
|
||||
All <acronym>SSL</> options carry overhead in the form of encryption and
|
||||
key-exchange, so there is a tradeoff that has to be made between performance
|
||||
and security. The following table illustrates the risks the different
|
||||
<literal>sslmode</> values protect against, and what statement they make
|
||||
about security and overhead:
|
||||
and security. <xref linkend="libpq-ssl-sslmode-statements">
|
||||
illustrates the risks the different <literal>sslmode</> values
|
||||
protect against, and what statement they make about security and overhead.
|
||||
</para>
|
||||
|
||||
<table id="libpq-ssl-sslmode-statements">
|
||||
@ -6942,6 +6944,12 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
|
||||
|
||||
<sect2 id="libpq-ssl-fileusage">
|
||||
<title>SSL Client File Usage</title>
|
||||
|
||||
<para>
|
||||
<xref linkend="libpq-ssl-file-usage"> summarizes the files that are
|
||||
relevant to the SSL setup on the client.
|
||||
</para>
|
||||
|
||||
<table id="libpq-ssl-file-usage">
|
||||
<title>Libpq/Client SSL File Usage</title>
|
||||
<tgroup cols="3">
|
||||
|
@ -182,8 +182,8 @@ Europe & Russia*@ & !Transportation
|
||||
<literal>=</>, <literal><></literal>,
|
||||
<literal><</>, <literal>></>, <literal><=</>, <literal>>=</>.
|
||||
Comparison sorts in the order of a tree traversal, with the children
|
||||
of a node sorted by label text. In addition, there are the following
|
||||
specialized operators:
|
||||
of a node sorted by label text. In addition, the specialized
|
||||
operators shown in <xref linkend="ltree-op-table"> are available.
|
||||
</para>
|
||||
|
||||
<table id="ltree-op-table">
|
||||
@ -362,7 +362,7 @@ Europe & Russia*@ & !Transportation
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The following functions are available:
|
||||
The available functions are shown in <xref linkend="ltree-func-table">.
|
||||
</para>
|
||||
|
||||
<table id="ltree-func-table">
|
||||
|
@ -1357,9 +1357,10 @@ SELECT pg_stat_get_backend_pid(s.backendid) AS procpid,
|
||||
|
||||
<para>
|
||||
A number of standard probes are provided in the source code,
|
||||
as shown in <xref linkend="dtrace-probe-point-table">.
|
||||
More can certainly be added to enhance <productname>PostgreSQL</>'s
|
||||
observability.
|
||||
as shown in <xref linkend="dtrace-probe-point-table">;
|
||||
<xref linkend="typedefs-table">
|
||||
shows the types used in the probes. More probes can certainly be
|
||||
added to enhance <productname>PostgreSQL</>'s observability.
|
||||
</para>
|
||||
|
||||
<table id="dtrace-probe-point-table">
|
||||
|
@ -43,6 +43,12 @@
|
||||
<sect2>
|
||||
<title>Functions and Operators</title>
|
||||
|
||||
<para>
|
||||
The functions provided by the <filename>pg_trgm</filename> module
|
||||
are shown in <xref linkend="pgtrgm-func-table">, the operators
|
||||
in <xref linkend="pgtrgm-op-table">.
|
||||
</para>
|
||||
|
||||
<table id="pgtrgm-func-table">
|
||||
<title><filename>pg_trgm</filename> Functions</title>
|
||||
<tgroup cols="3">
|
||||
|
@ -2097,12 +2097,11 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
|
||||
|
||||
<sect2 id="ssl-server-files">
|
||||
<title>SSL Server File Usage</title>
|
||||
<para>
|
||||
The files <filename>server.key</>, <filename>server.crt</>,
|
||||
<filename>root.crt</filename>, and <filename>root.crl</filename>
|
||||
are only examined during server start; so you must restart
|
||||
the server for changes in them to take effect.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<xref linkend="ssl-file-usage"> summarizes the files that are
|
||||
relevant to the SSL setup on the server.
|
||||
</para>
|
||||
|
||||
<table id="ssl-file-usage">
|
||||
<title>SSL Server File Usage</title>
|
||||
@ -2146,6 +2145,13 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>
|
||||
The files <filename>server.key</>, <filename>server.crt</>,
|
||||
<filename>root.crt</filename>, and <filename>root.crl</filename>
|
||||
are only examined during server start; so you must restart
|
||||
the server for changes in them to take effect.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="ssl-certificate-creation">
|
||||
|
@ -1799,7 +1799,7 @@ LIMIT 10;
|
||||
|
||||
<para>
|
||||
The built-in parser is named <literal>pg_catalog.default</>.
|
||||
It recognizes 23 token types:
|
||||
It recognizes 23 token types, shown in <xref linkend="textsearch-default-parser">.
|
||||
</para>
|
||||
|
||||
<table id="textsearch-default-parser">
|
||||
|
Loading…
Reference in New Issue
Block a user