Re: leaky views, yet again
| От | Robert Haas |
|---|---|
| Тема | Re: leaky views, yet again |
| Дата | |
| Msg-id | AANLkTikUGY2-3OX0bbZoDxiTnc+P1z7xr5Mnp+14x4jE@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: leaky views, yet again (KaiGai Kohei <kaigai@ak.jp.nec.com>) |
| Список | pgsql-hackers |
2010/7/21 KaiGai Kohei <kaigai@ak.jp.nec.com>: > (2010/07/20 2:13), Heikki Linnakangas wrote: >> On 09/07/10 06:47, KaiGai Kohei wrote: >>> When leaky and non-leaky functions are chained within a WHERE clause, >>> it will be ordered by the cost of functions. So, we have possibility >>> that leaky functions are executed earlier than non-leaky functions. >> >> No, that needs to be forbidden as part of the fix. Leaky functions must >> not be executed before all the quals from the view are evaluated. >> > > IIUC, a view is extracted to a subquery in the rewriter phase, then it > can be pulled up to join clause at pull_up_subqueries(). In this case, > WHERE clause may have the quals come from different origins, isn't it? > > E.g) > SELECT * FROM v1 WHERE f_malicious(v1.a); > > At the rewriter: > -> SELECT v1.* FROM (SELECT * FROM t1 WHERE f_policy(t1.b)) v1 WHERE f_malicious(v1.a); > > At the pull_up_subqueries() > -> SELECT * FROM t1 WHERE f_policy(t1.b) AND f_malicious(t1.a); > ^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^ > cost = 100 cost = 0.0001 > > Apart from an idea of secure/leaky function mark, isn't it necessary any > mechanism to enforce f_policy() shall be executed earlier than f_malicious()? I think you guys are in fact agreeing with each other. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise Postgres Company
В списке pgsql-hackers по дате отправления: