On Thu, Dec 22, 2011 at 4:17 PM, Robert Haas <rhaas(at)postgresql(dot)org> wrote:
> Add a security_barrier option for views.
you have some docs typos here, for the rest: cool.
+ This clause specifies optional parameters for a view; currently, the
+ only suppored parameter name is <literal>security_barrier</literal>,
should say "supported parameter"
+ the view. This prevents maliciously-chosen functions and operators from
+ being invoked on rows until afterthe view has done its work. For
should say "until after the view"?
+ in the limited sense that the contents of the invisible tuples will not
+ passed to possibly-insecure functions. The user may well have other means
should say "will not be passed"?
Jaime Casanova www.2ndQuadrant.com
Professional PostgreSQL: Soporte 24x7 y capacitación
In response to
pgsql-committers by date
|Next:||From: Tom Lane||Date: 2011-12-22 22:09:54|
|Subject: Re: pgsql: Add a security_barrier option for views. |
|Previous:||From: Alvaro Herrera||Date: 2011-12-22 21:49:01|
|Subject: Re: pgsql: Add a security_barrier option for views.|