Re: [v9.2] Fix leaky-view problem, part 2
| От | Noah Misch |
|---|---|
| Тема | Re: [v9.2] Fix leaky-view problem, part 2 |
| Дата | |
| Msg-id | 20110720144302.GG14580@tornado.leadboat.com обсуждение исходный текст |
| Ответ на | Re: [v9.2] Fix leaky-view problem, part 2 (Yeb Havinga <yebhavinga@gmail.com>) |
| Список | pgsql-hackers |
On Wed, Jul 20, 2011 at 04:23:10PM +0200, Yeb Havinga wrote: > On 2011-07-20 16:15, Yeb Havinga wrote: >> On 2011-07-20 16:06, Noah Misch wrote: >>> >>> The SQL-level semantics of the view define the access rules in >>> question. How >>> would you translate that into tests to apply at a lower level? >> I assumed the leaky view thread was about row level security, not >> about access rules to views, since it was mentioned at the RLS wiki >> page for se-pgsql. Sorry for the confusion. > Had to digg a bit for the wiki, it was this one : > http://wiki.postgresql.org/wiki/RLS#Issue:_A_leaky_VIEWs_for_RLS It is about row-level security, broadly. These patches close the hazard described in the latter half of this page: http://www.postgresql.org/docs/9.0/static/rules-privileges.html In the example given there, "phone NOT LIKE '412%'" is the (row-level) access rule that needs to apply before any possibly-leaky function sees the tuple. -- Noah Misch http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services
В списке pgsql-hackers по дате отправления: