Re: Using views for row-level access control is leaky

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: Using views for row-level access control is leaky
Дата
Msg-id 9939.1256306669@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: Using views for row-level access control is leaky  (Simon Riggs <simon@2ndQuadrant.com>)
Ответы Re: Using views for row-level access control is leaky  (David Fetter <david@fetter.org>)
Re: Using views for row-level access control is leaky  (Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>)
Re: Using views for row-level access control is leaky  (Simon Riggs <simon@2ndQuadrant.com>)
Список pgsql-hackers
Дерево обсуждения 
Simon Riggs <simon@2ndQuadrant.com> writes:
> On Fri, 2009-10-23 at 19:38 +0900, KaiGai Kohei wrote:
>> Sorry, what is happen if function is marked as "plan security"?

> I was suggesting an intelligent default by which we could determine
> function marking implicitly, if it was not explicitly stated on the
> CREATE FUNCTION.

The thought that's been in the back of my mind is that you could solve
99% of the performance problem if you trusted all builtin functions and
nothing else.  This avoids the question of who gets to mark functions
as trustable.
        regards, tom lane

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: plpgsql EXECUTE will not set FOUND
Следующее
От: Robert Haas
Дата:
Сообщение: Re: plpgsql EXECUTE will not set FOUND