Re: [PATCH] Fix leaky VIEWs for RLS
| От | Heikki Linnakangas |
|---|---|
| Тема | Re: [PATCH] Fix leaky VIEWs for RLS |
| Дата | |
| Msg-id | 4C08F0F4.90104@enterprisedb.com обсуждение исходный текст |
| Ответ на | Re: [PATCH] Fix leaky VIEWs for RLS (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: [PATCH] Fix leaky VIEWs for RLS
|
| Список | pgsql-hackers |
On 04/06/10 07:57, Tom Lane wrote: > KaiGai Kohei<kaigai@ak.jp.nec.com> writes: >> (2010/06/04 11:55), Robert Haas wrote: >>> A (very) important part of this problem is determining which quals are >>> safe to push down. >>> >> At least, I don't have an idea to distinguish trusted functions from >> others without any additional hints, because we support variable kind >> of PL languages. :( > > The proposal some time back in this thread was to trust all built-in > functions and no others. I thought I debunked that idea already (http://archives.postgresql.org/pgsql-hackers/2009-10/msg01428.php). Not all built-in functions are safe. Consider casting integer to text, for example. Seems innocent at first glance, but it's not; if the input is not a valid integer, it throws an error which contains the input string, revealing it. -- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com
В списке pgsql-hackers по дате отправления: