Re: Updates of SE-PostgreSQL 8.4devel patches

"Robert Haas" <robertmhaas@gmail.com> writes:
> I think you have to resign yourself to the fact that a user who can
> see only a subset of the rows in a table may very well see apparent
> foreign-key violations.  But so what?

So you're leaking information about the rows that they're not supposed
to be able to see.  This is not what I would call national-security-grade
information hiding --- leastwise *I* certainly wouldn't store nuclear
weapon design information in such a database.  The people that the NSA
wants to defend against are more than smart enough, and persistent
enough, to extract information through such loopholes.

I can't escape the lurking suspicion that some bright folk inside the
NSA have spent years thinking about this and have come up with some
reasonably self-consistent definition of row hiding in a SQL database.
But have they published it where we can find it?
        regards, tom lane