From: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
---|---|
To: | Rod Taylor <rod(dot)taylor(at)gmail(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Marc Munro <marc(at)bloodnok(dot)com> |
Subject: | Re: Using views for row-level access control is leaky |
Date: | 2009-10-23 11:40:03 |
Message-ID: | 4AE19613.60500@enterprisedb.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Rod Taylor wrote:
> This still allow many optimizations to be applied in complex cases. The planner
>
> CREATE VIEW phone_number AS
> SELECT person, phone, company
> FROM phone_data USING SECURITY FILTER(phone NOT LIKE '6%')
> JOIN person USING (person_id)
> JOIN company USING (company_id)
> AND person.active AND company.active;
Well, you can also achieve that by creating two views, one to hide the
sensitive data and another to do the join:
CREATE VIEW not6_numbers AS
SELECT phone FROM phone_data WHERE phone NOT LIKE '6%';
CREATE VIEW phone_number AS
SELECT person, phone, company FROM not6_numbers
JOIN person USING (person_id)
JOIN company USING (company_id)
WHERE person.active AND company.active;
So I don't think we should invent new syntax for that. The 1st view
would be marked with SECURE if we end up using that explicit annotation
in CREATE VIEW.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
From | Date | Subject | |
---|---|---|---|
Next Message | Richard Huxton | 2009-10-23 12:07:03 | Re: Using views for row-level access control is leaky |
Previous Message | Heikki Linnakangas | 2009-10-23 11:30:13 | Re: Using views for row-level access control is leaky |