Re: Is this a bug, possible security hole, or wrong
| От | Mike Mascari |
|---|---|
| Тема | Re: Is this a bug, possible security hole, or wrong |
| Дата | |
| Msg-id | 3D08A6C2.67679A9E@mascari.com обсуждение исходный текст |
| Ответ на | Is this a bug, possible security hole, or wrong assumption? (Mike Mascari <mascarm@mascari.com>) |
| Ответы |
Re: Is this a bug, possible security hole, or wrong
|
| Список | pgsql-general |
I wrote: > > Tom Lane wrote: > > > > You're essentially asking for a guarantee about the order of evaluation > > of WHERE clauses. There is no such guarantee, and won't be because it > > would be a crippling blow to performance. > > It seems to me that the condition which must be satisfied is this: > > If the attribute of a view is used in a user-defined function, then the > conditional expressions associated with the WHERE condition of the view > *must* be evaluated before the user-defined function is called (if > ever). That would not limit the use of an index scan in the above > example. Other RDBMS allow for both server-side functions and the use of > views for security. I apologize. The pg_stat_activity view is a good example of using views atop functions to provide security. Its not exactly obvious, but it can be done. And with the SRFs coming, I suppose fixing views is a pretty low priority... Mike Mascari mascarm@mascari.com
В списке pgsql-general по дате отправления: