Re: Using views for row-level access control is leaky

From: Richard Huxton <dev(at)archonet(dot)com>
To: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
Cc: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Marc Munro <marc(at)bloodnok(dot)com>
Subject: Re: Using views for row-level access control is leaky
Date: 2009-10-22 11:11:32
Message-ID: 4AE03DE4.9050803@archonet.com
Lists: pgsql-hackers

Pavel Stehule wrote:
> What version do you have?
>
> I cannot repeat it.

It will depend on the relative cost of the clauses (though 0.0001 should
have been enough to force it). Try:

CREATE OR REPLACE FUNCTION row_hidden (phone text) RETURNS bool AS $$
BEGIN
RETURN phone LIKE '6%';
END;
$$ LANGUAGE plpgsql COST 999;

CREATE VIEW phone_number AS
SELECT person, phone FROM phone_data WHERE NOT row_hidden(phone);

--
Richard Huxton
Archonet Ltd
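
A check of the qual ordering this message describes, as an added example that is not part of the original post: it rebuilds the view next to a `security_barrier` version (a view option added in PostgreSQL 9.2, after this thread) and compares the plans. The `phone_data` column types, the sample rows and the `cheap_qual` function are assumptions made for the example.

```sql
-- Constructed table: column names come from the view in the message,
-- the types and the rows are assumptions.
CREATE TABLE phone_data (person text, phone text);
INSERT INTO phone_data VALUES
    ('alice', '555-0100'),   -- constructed sample row, visible
    ('bob',   '655-0101');   -- constructed sample row, hidden by row_hidden()

-- Row filter from the message, marked expensive with COST 999.
CREATE OR REPLACE FUNCTION row_hidden (phone text) RETURNS bool AS $$
BEGIN
    RETURN phone LIKE '6%';
END;
$$ LANGUAGE plpgsql COST 999;

-- View from the message: the planner may flatten it into the outer query
-- and then order all quals by estimated cost.
CREATE VIEW phone_number AS
    SELECT person, phone FROM phone_data WHERE NOT row_hidden(phone);

-- Hardened form: security_barrier keeps quals that are not LEAKPROOF
-- from being evaluated before the view's own WHERE clause.
CREATE VIEW phone_number_sb WITH (security_barrier) AS
    SELECT person, phone FROM phone_data WHERE NOT row_hidden(phone);

-- Hypothetical caller-supplied predicate, far cheaper than row_hidden().
-- plpgsql is used so the planner cannot inline it away.
CREATE FUNCTION cheap_qual (phone text) RETURNS bool AS $$
BEGIN
    RETURN true;
END;
$$ LANGUAGE plpgsql COST 0.0001;

-- Compare where each plan places cheap_qual() relative to row_hidden().
EXPLAIN (COSTS OFF) SELECT * FROM phone_number    WHERE cheap_qual(phone);
EXPLAIN (COSTS OFF) SELECT * FROM phone_number_sb WHERE cheap_qual(phone);

-- Audit which views carry the option.
SELECT relname, reloptions
  FROM pg_class
 WHERE relkind = 'v'
   AND relname IN ('phone_number', 'phone_number_sb');
```

In the plan for `phone_number_sb` the caller's qual should sit in a filter above the scan that applies `row_hidden`; for the plain view both quals can share one scan filter, ordered by cost.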
