| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Kevin Grittner <kgrittn(at)mail(dot)com> |
| Cc: | Andres Freund <andres(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Review of Row Level Security |
| Date: | 2012-12-19 20:55:19 |
| Message-ID: | CA+U5nMJJ4MB2eGrRs24Ych8jOfedboDGJiOQuYLyHaJdz=M5GQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 19 December 2012 20:37, Kevin Grittner <kgrittn(at)mail(dot)com> wrote:
> Andres Freund wrote:
>
>> I don't think it is that simple. Allowing inserts without regard for row
>> level restrictions makes it far easier to probe for data. E.g. by
>> inserting rows and checking for unique violations.
>
> Unless you want to go to a military-style security level system
> where people at each security level have a separate version of the
> same data, primary keys (and I think other unique constraints) can
> leak. It seems clear enough that sensitive data should not be used
> for such constraints.
But there is the more obvious case where you shouldn't be able to
insert medical history for a patient you have no responsibility for.
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2012-12-19 21:00:13 | Re: too much pgbench init output |
| Previous Message | Simon Riggs | 2012-12-19 20:49:07 | Re: Review of Row Level Security |