From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Takahiro Itagaki <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Greg Smith <greg(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Largeobject Access Controls (r2460) |
Date: | 2009-12-11 15:59:04 |
Message-ID: | 4B226C48.1000201@kaigai.gr.jp |
Lists: | pgsql-hackers |
Bruce Momjian wrote:
> KaiGai Kohei wrote:
>> Takahiro Itagaki wrote:
>>> KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> wrote:
>>>
>>>> Tom Lane wrote:
>>>>> Takahiro Itagaki <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> writes:
>>>>>> <structname>pg_largeobject</structname> should not be readable by the
>>>>>> public, since the catalog contains data in large objects of all users.
>>>>> This is going to be a problem, because it will break applications that
>>>>> expect to be able to read pg_largeobject. Like, say, pg_dump.
>>>> Is it a right behavior, even if we have permission checks on large objects?
>>> Can we use column-level access control here?
>>>
>>> REVOKE ALL ON pg_largeobject FROM PUBLIC;
>>> => GRANT SELECT (loid) ON pg_largeobject TO PUBLIC;
>> Indeed, it seems to me reasonable.
>>
>>> We use "SELECT loid FROM pg_largeobject LIMIT 1" in pg_dump. We could
>>> replace pg_largeobject_metadata instead if we try to fix only pg_dump,
>>> but it's no wonder that any other user applications use such queries.
>>> I think to allow reading loid is a balanced solution.
>> Right, I also remind this query has to be fixed up by other reason right now.
>> If all the large objects are empty, this query can return nothing, even if
>> large object entries are in pg_largeobject_metadata.
>
> "metadata" seems very vague. Can't we come up with a more descriptive
> name?
What about "property"?
"metadata" was the name suggested by Robert Haas at the last
commit fest, because we may store other properties of a large
object in this catalog in the future.
> Also, how will this affect pg_migrator? pg_migrator copies
> pg_largeobject and its index from the old to the new server. Is the
> format inside pg_largeobject changed by this patch?
The format of pg_largeobject was not touched.
> What happens when
> there is no entry in pg_largeobject_metadata for a specific row?
In this case, these rows become orphans.
So, I think we need to create an empty large object with the same LOID in
pg_migrator. It makes an entry in pg_largeobject_metadata without
writing anything to pg_largeobject.
I guess the rest of the migration is no different. Correct?
Thanks,
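
The two points raised in this message (column-level access to pg_largeobject, and data rows left without a pg_largeobject_metadata entry after a migration), as an added SQL example that is not part of the original message or of the patch. It assumes a superuser session on a server that already has the pg_largeobject_metadata catalog.

```sql
-- Added example (not from the thread or the patch). Assumes a superuser
-- session on a server that has the pg_largeobject_metadata catalog.

-- Column-level access as proposed in the quoted text: the data column is
-- hidden, while loid stays readable for queries that only test existence.
REVOKE ALL ON pg_catalog.pg_largeobject FROM PUBLIC;
GRANT SELECT (loid) ON pg_catalog.pg_largeobject TO PUBLIC;

-- Inspect the resulting table-level and column-level ACLs.
SELECT relname, relacl
  FROM pg_catalog.pg_class
 WHERE oid = 'pg_catalog.pg_largeobject'::regclass;

SELECT attname, attacl
  FROM pg_catalog.pg_attribute
 WHERE attrelid = 'pg_catalog.pg_largeobject'::regclass
   AND attnum > 0;

-- Enumerate large objects from the metadata catalog: an empty large object
-- has a row here but no data pages in pg_largeobject.
SELECT oid AS loid, lomowner
  FROM pg_catalog.pg_largeobject_metadata;

-- Orphans after a migration that copied pg_largeobject as-is: data pages
-- whose loid has no metadata row, and therefore no owner or ACL.
SELECT DISTINCT lo.loid
  FROM pg_catalog.pg_largeobject AS lo
 WHERE NOT EXISTS (SELECT 1
                     FROM pg_catalog.pg_largeobject_metadata AS m
                    WHERE m.oid = lo.loid);

-- Repair as suggested in the message: create an empty large object with the
-- same LOID, which adds the metadata row and writes nothing to
-- pg_largeobject. The new entries are owned by the role running this.
SELECT pg_catalog.lo_create(o.loid)
  FROM (SELECT DISTINCT lo.loid
          FROM pg_catalog.pg_largeobject AS lo
         WHERE NOT EXISTS (SELECT 1
                             FROM pg_catalog.pg_largeobject_metadata AS m
                            WHERE m.oid = lo.loid)) AS o;
```

Because the repaired entries belong to the role that ran the statement, review ownership afterwards and reassign it with ALTER LARGE OBJECT ... OWNER TO where needed.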