Re: Improving RLS qual pushdown

* Alvaro Herrera (alvherre(at)2ndquadrant(dot)com) wrote:
> Robert Haas wrote:
> > On Wed, Jan 14, 2015 at 9:22 AM, Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> wrote:
> > > On 14 January 2015 at 13:29, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> > >> One thing they could still leak is the number of times they got
> > >> called, and thus possibly the number of unseen rows. Now if the
> > >> expressions get constant-folded away that won't be an issue, but a
> > >> clever user can probably avoid that.
> > >
> > > Right now, EXPLAIN ANALYSE can be used to tell you the number of
> > > unseen rows. Is that something that people are concerned about, and
> > > are there any plans to change it?
> >
> > Interesting question. I don't know.
>
> Wasn't this part of the "covert channel" discussion that took place way
> before RLS was committed? As I recall, it was argued that such covert
> channels are acceptable as long as their bandwidth is low.

Yes, it was part of the discussion and no, there's no plans to try and
hide row counts in explain analyze, nor to deal with things like unique
constraint or foreign key reference violations.

There are other areas which need improvement which will help address
covert channel activity (better auditing, better control over what
actions are allowed to diffferent users when it comes to creating
objects, modifying permissions and policies, throttling, etc).

Thanks,

Stephen