Re: [RFC] A tackle to the leaky VIEWs for RLS

From: Greg Stark <gsstark(at)mit(dot)edu>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org, heikki(dot)linnakangas(at)enterprisedb(dot)com, sfrost(at)snowman(dot)net
Subject: Re: [RFC] A tackle to the leaky VIEWs for RLS
Date: 2010-06-01 13:53:16
Message-ID: AANLkTimsopckZ2cdINs5kucuTq-lmrtcUSmtiF6T2dA4@mail.gmail.com
Lists: pgsql-hackers

Also incidentally I'm having trouble imagining a scenario where this
really matters. For it to be an issue you would have to simultaneously
have a user which can't access all the data and must go through views
which limit the data he can access -- and has privileges to issue DDL
to create functions and operators. That seems like an unlikely
combination. I've seen views used before to restrict the role accounts
used by front-end applications but those accounts have no DDL
privileges.
