| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Robert Haas" <robertmhaas(at)gmail(dot)com> |
| Cc: | "Bruce Momjian" <bruce(at)momjian(dot)us>, "KaiGai Kohei" <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches |
| Date: | 2008-09-26 02:32:24 |
| Message-ID: | 5782.1222396344@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Robert Haas" <robertmhaas(at)gmail(dot)com> writes:
> I think you have to resign yourself to the fact that a user who can
> see only a subset of the rows in a table may very well see apparent
> foreign-key violations. But so what?
So you're leaking information about the rows that they're not supposed
to be able to see. This is not what I would call national-security-grade
information hiding --- leastwise *I* certainly wouldn't store nuclear
weapon design information in such a database. The people that the NSA
wants to defend against are more than smart enough, and persistent
enough, to extract information through such loopholes.
I can't escape the lurking suspicion that some bright folk inside the
NSA have spent years thinking about this and have come up with some
reasonably self-consistent definition of row hiding in a SQL database.
But have they published it where we can find it?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | KaiGai Kohei | 2008-09-26 02:41:02 | Re: Updates of SE-PostgreSQL 8.4devel patches |
| Previous Message | Bruce Momjian | 2008-09-26 02:24:10 | Re: Updates of SE-PostgreSQL 8.4devel patches |