Re: leaky views, yet again
From | Heikki Linnakangas |
---|---|
Subject | Re: leaky views, yet again |
Date | |
Msg-id | 4CAD6283.4090908@enterprisedb.com |
In response to | Re: leaky views, yet again (Robert Haas <robertmhaas@gmail.com>) |
Responses | Re: leaky views, yet again |
List | pgsql-hackers |

On 07.10.2010 06:39, Robert Haas wrote:
> On Tue, Oct 5, 2010 at 3:42 PM, Tom Lane<tgl@sss.pgh.pa.us> wrote:
>> Right, *column* filtering seems easy and entirely secure. The angst
>> here is about row filtering. Can we have a view in which users can see
>> the values of a column for some rows, with perfect security that they
>> can't identify values for the hidden rows? The stronger form is that
>> they shouldn't even be able to tell that hidden rows exist, which is
>> something your view doesn't try to do; but there are at least some
>> applications where that would be desirable.
>
> I took a crack at documenting the current behavior; see attached.

Looks good. It gives the impression that you need to be able to create a
custom function to exploit, though. It would be good to mention that
internal functions can be used too; revoking access to CREATE FUNCTION
does not make you safe.

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com