Re: Temporary Views
| От | Tom Lane |
|---|---|
| Тема | Re: Temporary Views |
| Дата | |
| Msg-id | 1962.1029278196@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Temporary Views (Hannu Krosing <hannu@tm.ee>) |
| Ответы |
Re: Temporary Views
|
| Список | pgsql-hackers |
Hannu Krosing <hannu@tm.ee> writes:
> It seems to be a broken view not security risk in 7.2.1
The implementation of temp tables has changed completely in CVS tip,
so experiments with 7.2 aren't very relevant. In CVS tip I believe
you *could* read the contents of someone else's temp table, assuming
you had permissions to read the view. However, you'd not be guaranteed
to get up-to-date information, since the guy who actually owns the temp
table would be using his local-buffer manager for access to it; there
might be many pages that you'd see stale information from because the
only up-to-date copy is in local memory of the owning backend.
I see some potential for confusion here, but not really any
crash-the-database scenarios. I also do not see a security risk:
you did grant the other guy read permission on your view, after all.
regards, tom lane
В списке pgsql-hackers по дате отправления: