From: | Joe Conway <mail(at)joeconway(dot)com> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Pierre Ducroquet <p(dot)psql(at)pinaraf(dot)info> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Row Level Security − leakproof-ness and performance implications |
Date: | 2019-03-18 20:13:56 |
Message-ID: | 3c272ee1-8b82-0538-96b8-6da10c193528@joeconway.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 3/18/19 3:52 PM, Peter Eisentraut wrote:
> On 2019-02-28 00:03, Joe Conway wrote:
>> What if we provided an option to redact all client messages (leaving
>> logged messages as-is). Separately we could provide a GUC to force all
>> functions to be resolved as leakproof. Depending on your requirements,
>> having both options turned on could be perfectly acceptable.
>
> There are two commit fest entries for this thread, one in Pierre's name
> and one in yours. Is your entry for the error message redacting
> functionality? I think that approach has been found not to actually
> satisfy the leakproofness criteria.
It is a matter of opinion with regard to what the criteria actually is,
and when it ought to apply. But in any case the clear consensus was
against me, so I guess I'll assume "my patch was rejected by PostgreSQL
all I got was this tee shirt" (...I know I have one that says something
like that somewhere...) ;-)
I have no idea what the other entry is all about as I have not had the
time to look.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Banck | 2019-03-18 20:15:42 | Re: Online verification of checksums |
Previous Message | Tom Lane | 2019-03-18 20:11:30 | Re: Rare SSL failures on eelpout |