Re: Multivariate MCV stats can leak data to unprivileged users

Greetings,

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> writes:
> > On Sat, May 18, 2019 at 03:45:11PM -0400, Tom Lane wrote:
> >> Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> writes:
> >>> But that's not an issue intruduced by PG12, it works like that even for
> >>> the extended statistics introduced in PG10.
>
> >> Yeah, but no time like the present to fix it if it's wrong ...
>
> > Sorry, not sure I understand. Are you saying we should try to rework
> > this before the beta1 release, or that we don't have time to do that?
>
> > I think we have four options - rework it before beta1, rework it after
> > beta1, rework it in PG13 and leave it as it is now.
>
> Yup, that's about what the options are. I'm just voting against
> "change it in v13". If we're going to change it, then the fewer
> major versions that have the bogus definition the better --- and
> since we're changing that catalog in v12 anyway, users will see
> fewer distinct behaviors if we do this change too.
>
> It's very possibly too late to get it done before beta1,
> unfortunately. But as Andres noted, post-beta1 catversion
> bumps are hardly unusual, so I do not think "rework after
> beta1" is unacceptable.

Agreed.

Thanks,

Stephen