mirror of
https://git.postgresql.org/git/postgresql.git
synced 2025-01-24 18:55:04 +08:00
Link some tables into the surrounding text by their id
This commit is contained in:
parent
04be7ac271
commit
a3b681f0bc
@ -55,7 +55,8 @@
|
|||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The following functions are provided:
|
The provided functions are shown
|
||||||
|
in <xref linkend="earthdistance-cube-functions">.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<table id="earthdistance-cube-functions">
|
<table id="earthdistance-cube-functions">
|
||||||
@ -148,7 +149,8 @@
|
|||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
A single operator is provided:
|
A single operator is provided, shown
|
||||||
|
in <xref linkend="earthdistance-point-operators">.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<table id="earthdistance-point-operators">
|
<table id="earthdistance-point-operators">
|
||||||
|
@ -85,6 +85,12 @@ key => NULL
|
|||||||
<sect2>
|
<sect2>
|
||||||
<title><type>hstore</> Operators and Functions</title>
|
<title><type>hstore</> Operators and Functions</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The operators provided by the <literal>hstore</literal> module are
|
||||||
|
shown in <xref linkend="hstore-op-table">, the functions
|
||||||
|
in <xref linkend="hstore-func-table">.
|
||||||
|
</para>
|
||||||
|
|
||||||
<table id="hstore-op-table">
|
<table id="hstore-op-table">
|
||||||
<title><type>hstore</> Operators</title>
|
<title><type>hstore</> Operators</title>
|
||||||
|
|
||||||
|
@ -27,6 +27,12 @@
|
|||||||
<sect2>
|
<sect2>
|
||||||
<title><filename>intarray</> Functions and Operators</title>
|
<title><filename>intarray</> Functions and Operators</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The functions provided by the <filename>intarray</filename> module
|
||||||
|
are shown in <xref linkend="intarray-func-table">, the operators
|
||||||
|
in <xref linkend="intarray-op-table">.
|
||||||
|
</para>
|
||||||
|
|
||||||
<table id="intarray-func-table">
|
<table id="intarray-func-table">
|
||||||
<title><filename>intarray</> Functions</title>
|
<title><filename>intarray</> Functions</title>
|
||||||
|
|
||||||
|
@ -385,63 +385,70 @@ PGconn *PQconnectdbParams(const char **keywords, const char **values, int expand
|
|||||||
This option determines whether or with what priority a secure
|
This option determines whether or with what priority a secure
|
||||||
<acronym>SSL</> TCP/IP connection will be negotiated with the
|
<acronym>SSL</> TCP/IP connection will be negotiated with the
|
||||||
server. There are six modes:
|
server. There are six modes:
|
||||||
</para>
|
|
||||||
|
|
||||||
<table id="libpq-connect-sslmode-options">
|
|
||||||
<title><literal>sslmode</literal> Options</title>
|
|
||||||
<tgroup cols="2">
|
|
||||||
<thead>
|
|
||||||
<row>
|
|
||||||
<entry>Option</entry>
|
|
||||||
<entry>Description</entry>
|
|
||||||
</row>
|
|
||||||
</thead>
|
|
||||||
|
|
||||||
<tbody>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry><literal>disable</></entry>
|
|
||||||
<entry>only try a non-<acronym>SSL</> connection</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry><literal>allow</></entry>
|
|
||||||
<entry>first try a non-<acronym>SSL</>
|
|
||||||
connection; if that fails, try an <acronym>SSL</>
|
|
||||||
connection</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry><literal>prefer</> (default)</entry>
|
|
||||||
<entry>first try an <acronym>SSL</> connection; if
|
|
||||||
that fails, try a non-<acronym>SSL</>
|
|
||||||
connection</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry><literal>require</></entry>
|
|
||||||
<entry>only try an <acronym>SSL</> connection</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry><literal>verify-ca</></entry>
|
|
||||||
<entry>only try an <acronym>SSL</> connection, and verify that
|
|
||||||
the server certificate is issued by a trusted certificate
|
|
||||||
authority (<acronym>CA</>)</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
<row>
|
|
||||||
<entry><literal>verify-full</></entry>
|
|
||||||
<entry>only try an <acronym>SSL</> connection, verify that
|
|
||||||
the server certificate is issued by a trusted <acronym>CA</> and
|
|
||||||
that the server host name matches that in the certificate</entry>
|
|
||||||
</row>
|
|
||||||
|
|
||||||
</tbody>
|
|
||||||
</tgroup>
|
|
||||||
</table>
|
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><literal>disable</literal></term>
|
||||||
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
|
only try a non-<acronym>SSL</> connection
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><literal>allow</literal></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
first try a non-<acronym>SSL</> connection; if that
|
||||||
|
fails, try an <acronym>SSL</> connection
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><literal>prefer</literal> (default)</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
first try an <acronym>SSL</> connection; if that fails,
|
||||||
|
try a non-<acronym>SSL</> connection
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><literal>require</literal></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
only try an <acronym>SSL</> connection
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><literal>verify-ca</literal></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
only try an <acronym>SSL</> connection, and verify that
|
||||||
|
the server certificate is issued by a trusted
|
||||||
|
certificate authority (<acronym>CA</>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><literal>verify-full</literal></term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
only try an <acronym>SSL</> connection, verify that the
|
||||||
|
server certificate is issued by a
|
||||||
|
trusted <acronym>CA</> and that the server host name
|
||||||
|
matches that in the certificate
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
|
||||||
See <xref linkend="libpq-ssl"> for a detailed description of how
|
See <xref linkend="libpq-ssl"> for a detailed description of how
|
||||||
these options work.
|
these options work.
|
||||||
</para>
|
</para>
|
||||||
@ -6773,30 +6780,23 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
|
|||||||
The different values for the <literal>sslmode</> parameter provide different
|
The different values for the <literal>sslmode</> parameter provide different
|
||||||
levels of protection. SSL can provide
|
levels of protection. SSL can provide
|
||||||
protection against three types of attacks:
|
protection against three types of attacks:
|
||||||
</para>
|
|
||||||
<table id="libpq-ssl-protect-attacks">
|
|
||||||
<title>SSL Attacks</title>
|
|
||||||
<tgroup cols="2">
|
|
||||||
<thead>
|
|
||||||
<row>
|
|
||||||
<entry>Type</entry>
|
|
||||||
<entry>Description</entry>
|
|
||||||
</row>
|
|
||||||
</thead>
|
|
||||||
|
|
||||||
<tbody>
|
<variablelist>
|
||||||
<row>
|
<varlistentry>
|
||||||
<entry>Eavesdropping</entry>
|
<term>Eavesdropping</term>
|
||||||
<entry>If a third party can examine the network traffic between the
|
<listitem>
|
||||||
|
<para>If a third party can examine the network traffic between the
|
||||||
client and the server, it can read both connection information (including
|
client and the server, it can read both connection information (including
|
||||||
the user name and password) and the data that is passed. <acronym>SSL</>
|
the user name and password) and the data that is passed. <acronym>SSL</>
|
||||||
uses encryption to prevent this.
|
uses encryption to prevent this.
|
||||||
</entry>
|
</para>
|
||||||
</row>
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<row>
|
<varlistentry>
|
||||||
<entry>Man in the middle (<acronym>MITM</>)</entry>
|
<term>Man in the middle (<acronym>MITM</>)</term>
|
||||||
<entry>If a third party can modify the data while passing between the
|
<listitem>
|
||||||
|
<para>If a third party can modify the data while passing between the
|
||||||
client and server, it can pretend to be the server and therefore see and
|
client and server, it can pretend to be the server and therefore see and
|
||||||
modify data <emphasis>even if it is encrypted</>. The third party can then
|
modify data <emphasis>even if it is encrypted</>. The third party can then
|
||||||
forward the connection information and data to the original server,
|
forward the connection information and data to the original server,
|
||||||
@ -6805,21 +6805,23 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
|
|||||||
to a different server than intended. There are also several other
|
to a different server than intended. There are also several other
|
||||||
attack methods that can accomplish this. <acronym>SSL</> uses certificate
|
attack methods that can accomplish this. <acronym>SSL</> uses certificate
|
||||||
verification to prevent this, by authenticating the server to the client.
|
verification to prevent this, by authenticating the server to the client.
|
||||||
</entry>
|
</para>
|
||||||
</row>
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<row>
|
<varlistentry>
|
||||||
<entry>Impersonation</entry>
|
<term>Impersonation</term>
|
||||||
<entry>If a third party can pretend to be an authorized client, it can
|
<listitem>
|
||||||
|
<para>If a third party can pretend to be an authorized client, it can
|
||||||
simply access data it should not have access to. Typically this can
|
simply access data it should not have access to. Typically this can
|
||||||
happen through insecure password management. <acronym>SSL</> uses
|
happen through insecure password management. <acronym>SSL</> uses
|
||||||
client certificates to prevent this, by making sure that only holders
|
client certificates to prevent this, by making sure that only holders
|
||||||
of valid certificates can access the server.
|
of valid certificates can access the server.
|
||||||
</entry>
|
</para>
|
||||||
</row>
|
</listitem>
|
||||||
</tbody>
|
</varlistentry>
|
||||||
</tgroup>
|
</variablelist>
|
||||||
</table>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
For a connection to be known secure, SSL usage must be configured
|
For a connection to be known secure, SSL usage must be configured
|
||||||
@ -6844,9 +6846,9 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
|
|||||||
<para>
|
<para>
|
||||||
All <acronym>SSL</> options carry overhead in the form of encryption and
|
All <acronym>SSL</> options carry overhead in the form of encryption and
|
||||||
key-exchange, so there is a tradeoff that has to be made between performance
|
key-exchange, so there is a tradeoff that has to be made between performance
|
||||||
and security. The following table illustrates the risks the different
|
and security. <xref linkend="libpq-ssl-sslmode-statements">
|
||||||
<literal>sslmode</> values protect against, and what statement they make
|
illustrates the risks the different <literal>sslmode</> values
|
||||||
about security and overhead:
|
protect against, and what statement they make about security and overhead.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<table id="libpq-ssl-sslmode-statements">
|
<table id="libpq-ssl-sslmode-statements">
|
||||||
@ -6942,6 +6944,12 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*)
|
|||||||
|
|
||||||
<sect2 id="libpq-ssl-fileusage">
|
<sect2 id="libpq-ssl-fileusage">
|
||||||
<title>SSL Client File Usage</title>
|
<title>SSL Client File Usage</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
<xref linkend="libpq-ssl-file-usage"> summarizes the files that are
|
||||||
|
relevant to the SSL setup on the client.
|
||||||
|
</para>
|
||||||
|
|
||||||
<table id="libpq-ssl-file-usage">
|
<table id="libpq-ssl-file-usage">
|
||||||
<title>Libpq/Client SSL File Usage</title>
|
<title>Libpq/Client SSL File Usage</title>
|
||||||
<tgroup cols="3">
|
<tgroup cols="3">
|
||||||
|
@ -182,8 +182,8 @@ Europe & Russia*@ & !Transportation
|
|||||||
<literal>=</>, <literal><></literal>,
|
<literal>=</>, <literal><></literal>,
|
||||||
<literal><</>, <literal>></>, <literal><=</>, <literal>>=</>.
|
<literal><</>, <literal>></>, <literal><=</>, <literal>>=</>.
|
||||||
Comparison sorts in the order of a tree traversal, with the children
|
Comparison sorts in the order of a tree traversal, with the children
|
||||||
of a node sorted by label text. In addition, there are the following
|
of a node sorted by label text. In addition, the specialized
|
||||||
specialized operators:
|
operators shown in <xref linkend="ltree-op-table"> are available.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<table id="ltree-op-table">
|
<table id="ltree-op-table">
|
||||||
@ -362,7 +362,7 @@ Europe & Russia*@ & !Transportation
|
|||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The following functions are available:
|
The available functions are shown in <xref linkend="ltree-func-table">.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<table id="ltree-func-table">
|
<table id="ltree-func-table">
|
||||||
|
@ -1357,9 +1357,10 @@ SELECT pg_stat_get_backend_pid(s.backendid) AS procpid,
|
|||||||
|
|
||||||
<para>
|
<para>
|
||||||
A number of standard probes are provided in the source code,
|
A number of standard probes are provided in the source code,
|
||||||
as shown in <xref linkend="dtrace-probe-point-table">.
|
as shown in <xref linkend="dtrace-probe-point-table">;
|
||||||
More can certainly be added to enhance <productname>PostgreSQL</>'s
|
<xref linkend="typedefs-table">
|
||||||
observability.
|
shows the types used in the probes. More probes can certainly be
|
||||||
|
added to enhance <productname>PostgreSQL</>'s observability.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<table id="dtrace-probe-point-table">
|
<table id="dtrace-probe-point-table">
|
||||||
|
@ -43,6 +43,12 @@
|
|||||||
<sect2>
|
<sect2>
|
||||||
<title>Functions and Operators</title>
|
<title>Functions and Operators</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The functions provided by the <filename>pg_trgm</filename> module
|
||||||
|
are shown in <xref linkend="pgtrgm-func-table">, the operators
|
||||||
|
in <xref linkend="pgtrgm-op-table">.
|
||||||
|
</para>
|
||||||
|
|
||||||
<table id="pgtrgm-func-table">
|
<table id="pgtrgm-func-table">
|
||||||
<title><filename>pg_trgm</filename> Functions</title>
|
<title><filename>pg_trgm</filename> Functions</title>
|
||||||
<tgroup cols="3">
|
<tgroup cols="3">
|
||||||
|
@ -2097,11 +2097,10 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
|
|||||||
|
|
||||||
<sect2 id="ssl-server-files">
|
<sect2 id="ssl-server-files">
|
||||||
<title>SSL Server File Usage</title>
|
<title>SSL Server File Usage</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The files <filename>server.key</>, <filename>server.crt</>,
|
<xref linkend="ssl-file-usage"> summarizes the files that are
|
||||||
<filename>root.crt</filename>, and <filename>root.crl</filename>
|
relevant to the SSL setup on the server.
|
||||||
are only examined during server start; so you must restart
|
|
||||||
the server for changes in them to take effect.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<table id="ssl-file-usage">
|
<table id="ssl-file-usage">
|
||||||
@ -2146,6 +2145,13 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
|
|||||||
</tbody>
|
</tbody>
|
||||||
</tgroup>
|
</tgroup>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The files <filename>server.key</>, <filename>server.crt</>,
|
||||||
|
<filename>root.crt</filename>, and <filename>root.crl</filename>
|
||||||
|
are only examined during server start; so you must restart
|
||||||
|
the server for changes in them to take effect.
|
||||||
|
</para>
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
<sect2 id="ssl-certificate-creation">
|
<sect2 id="ssl-certificate-creation">
|
||||||
|
@ -1799,7 +1799,7 @@ LIMIT 10;
|
|||||||
|
|
||||||
<para>
|
<para>
|
||||||
The built-in parser is named <literal>pg_catalog.default</>.
|
The built-in parser is named <literal>pg_catalog.default</>.
|
||||||
It recognizes 23 token types:
|
It recognizes 23 token types, shown in <xref linkend="textsearch-default-parser">.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<table id="textsearch-default-parser">
|
<table id="textsearch-default-parser">
|
||||||
|
Loading…
Reference in New Issue
Block a user