| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
| Cc: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Marc Munro <marc(at)bloodnok(dot)com> |
| Subject: | Re: Using views for row-level access control is leaky |
| Date: | 2009-10-22 11:19:19 |
| Message-ID: | 4AE03FB7.5050102@archonet.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Pavel Stehule wrote:
> 2009/10/22 Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>:
>> That example I ran on CVS HEAD, but it's a generic problem on all versions.
> postgres=# select version();
> version
> ────────────────────────────────────────────────────────────────────────────────────
> PostgreSQL 8.5devel on i686-pc-linux-gnu, compiled by GCC gcc (GCC)
> 4.4.1 20090725
> (1 row)
>
> postgres=# select * from x;
> a │ b
> ────┼────
> 10 │ 20
> (1 row)
>
> postgres=# create view v as select * from x where b <> 20;
^^^^^^^
This is the expression that needs to be expensive. Then the exposing
function needs to be cheap. That makes the planner run the exposing
function first.
--
Richard Huxton
Archonet Ltd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2009-10-22 11:26:06 | Re: Using views for row-level access control is leaky |
| Previous Message | Pavel Stehule | 2009-10-22 11:15:11 | Re: Using views for row-level access control is leaky |