Re: Using views for row-level access control is leaky

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: Richard Huxton <dev(at)archonet(dot)com>
Cc: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Marc Munro <marc(at)bloodnok(dot)com>
Subject: Re: Using views for row-level access control is leaky
Date: 2009-10-22 11:26:06
Message-ID: 162867790910220426k7587f216k64e635d8867df2e6@mail.gmail.com
Lists: pgsql-hackers

2009/10/22 Richard Huxton <dev(at)archonet(dot)com>:
> Pavel Stehule wrote:
>> 2009/10/22 Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>:
>>> That example I ran on CVS HEAD, but it's a generic problem on all versions.
>> postgres=# select version();
>>                                                    version
>> ────────────────────────────────────────────────────────────────────────────────────
>>  PostgreSQL 8.5devel on i686-pc-linux-gnu, compiled by GCC gcc (GCC)
>> 4.4.1 20090725
>> (1 row)
>>
>> postgres=# select * from x;
>>  a  │ b
>> ────┼────
>>  10 │ 20
>> (1 row)
>>
>> postgres=# create view v as select * from x where b <> 20;
>                                                    ^^^^^^^
> This is the expression that needs to be expensive. Then the exposing
> function needs to be cheap. That makes the planner run the exposing
> function first.
>

postgres=# create or replace function vv(int, int) returns bool as
$$begin raise notice '% %', $1, $2; return true; end$$ language
plpgsql COST 0.000001;
CREATE FUNCTION
postgres=# select * from v where vv(a,b);
NOTICE: 10 20
a │ b
───┼───
(0 rows)

Still, I don't get a bad result, but yes, I see what I should not be able to see.

Pavel

> --
>  Richard Huxton
>  Archonet Ltd
>
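The leak discussed in this message, next to a view that blocks it, as an added example that is not part of the original message or of the PostgreSQL sources. It assumes PostgreSQL 9.2 or later, where the `security_barrier` view option exists; the schema name `leak_demo`, the view name `v_barrier` and the second table row are constructed for illustration.

```sql
-- Runs in a scratch schema inside one transaction and rolls everything back.
BEGIN;
CREATE SCHEMA leak_demo;
SET LOCAL search_path = leak_demo;

-- Table and hidden row as in the quoted session; (30, 40) is a constructed
-- row that the view is allowed to show.
CREATE TABLE x (a int, b int);
INSERT INTO x VALUES (10, 20), (30, 40);

-- Cheap function with a side channel (RAISE NOTICE), as posted in the message.
CREATE FUNCTION vv(int, int) RETURNS bool AS
$$BEGIN RAISE NOTICE '% %', $1, $2; RETURN true; END$$
LANGUAGE plpgsql COST 0.000001;

-- Plain view: the planner flattens it into the outer query and orders the
-- combined quals by estimated cost, so vv() may be evaluated on rows that
-- b <> 20 would have filtered out.
CREATE VIEW v AS SELECT * FROM x WHERE b <> 20;
SELECT * FROM v WHERE vv(a, b);

-- Barrier view: quals supplied by the caller that are not LEAKPROOF are
-- applied only after the view's own WHERE clause, so vv() is called only
-- on rows the view exposes.
CREATE VIEW v_barrier WITH (security_barrier) AS
    SELECT * FROM x WHERE b <> 20;
SELECT * FROM v_barrier WHERE vv(a, b);

-- The plans show where each filter is applied in the two cases.
EXPLAIN (COSTS OFF) SELECT * FROM v WHERE vv(a, b);
EXPLAIN (COSTS OFF) SELECT * FROM v_barrier WHERE vv(a, b);

ROLLBACK;
```

Run it with psql and compare the NOTICE lines emitted by the two SELECT statements.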
