| From: | Merlin Moncure <mmoncure(at)gmail(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Greg Stark <gsstark(at)mit(dot)edu>, Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org, sfrost(at)snowman(dot)net |
| Subject: | Re: [RFC] A tackle to the leaky VIEWs for RLS |
| Date: | 2010-06-01 21:22:39 |
| Message-ID: | AANLkTikL967mX1c6bG7iXj9SwTw0-uL2LnrQA_6ER-u7@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jun 1, 2010 at 4:57 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Tue, Jun 1, 2010 at 4:10 PM, Merlin Moncure <mmoncure(at)gmail(dot)com> wrote:
>> have you ruled out: 'create function'? :-)
>
> You lost me...
Well, as noted by the OP, using views for security in postgres is
simply wishful thinking. This is part of a family of issues
(generally not evil nor fixable) under the category of 'there is no
real control over when functions in a query fire'.
My point was that in cases where users expect this behavior, why not
encourage them to use functions instead of views? Is there any formal
expectation that views can be used to hide data in this way? Does
this really have to be fixed, and if so should it be in light of the
fact that our rule system is basically understood to be broken?
merlin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hiroshi Inoue | 2010-06-01 21:52:57 | Re: [COMMITTERS] pgsql: PGDLLEXPORT is __declspec (dllexport) only on MSVC, but is |
| Previous Message | Robert Haas | 2010-06-01 20:57:34 | Re: [RFC] A tackle to the leaky VIEWs for RLS |