Re: [PATCH] Fix leaky VIEWs for RLS
From | Heikki Linnakangas |
---|---|
Subject | Re: [PATCH] Fix leaky VIEWs for RLS |
Date | |
Msg-id | 4C0C965B.2040902@enterprisedb.com |
In reply to | Re: [PATCH] Fix leaky VIEWs for RLS (Stephen Frost <sfrost@snowman.net>) |
Replies | Re: [PATCH] Fix leaky VIEWs for RLS |
List | pgsql-hackers |

On 07/06/10 06:06, Stephen Frost wrote:
> Also, perhaps I'm not being paranoid enough, but all this concern over
> error cases really doesn't really worry me that much. The amount of
> data one could acquire that way is pretty limited.

It's not limited. It allows you to read all contents of the underlying table or tables. I don't see much point doing anything at all if we don't plug that.

There's many side channels like exposing row counts in EXPLAIN and statistics and timing attacks, that are not as critical, because they don't let you expose all data, and the attacker can't accurately choose what data is exposed. Those are not as important.

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com