| From: | Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp> |
|---|---|
| To: | hartmut(dot)holzgraefe(at)gmail(dot)com |
| Cc: | ishii(at)sraoss(dot)co(dot)jp, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Having query cache in core |
| Date: | 2018-05-11 22:13:56 |
| Message-ID: | 20180512.071356.538870750662650753.t-ishii@sraoss.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 11.05.2018 18:01, Tatsuo Ishii wrote:
>> Plus checking username is neccessary (otherwise any user could
>> retrieve a cache for a table lookup which is not permitted by other
>> users).
>
> as the tables a cached query operated on is known anyway -- it's
> needed
> to purge cache entries when table content changes -- schema and table
> level SELECT privileges can be checked ... I'm not fully sure about
> how MySQL handles its column level privileges in that respect,
> something
> I'd need to try out ...
I am not talking about cache invalidation. If a cache entry is created
for a table which is only accessable by user A, the cache entry should
be hit for only A, not someone else. Otherwise it will be a serious
security problem.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tatsuo Ishii | 2018-05-11 22:18:30 | Re: Having query cache in core |
| Previous Message | Andrew Dunstan | 2018-05-11 21:50:27 | Re: perlcritic: Missing "return" |