From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Row-Level Security |
Date: | 2009-12-15 03:32:20 |
Message-ID: | 603c8f070912141932k3ed0621cqc1051dfbf92a329f@mail.gmail.com |
Lists: | pgsql-hackers |
2009/12/14 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
> IIRC, one headache issue is that a user may provide well-indexable conditions,
> such as "SELECT * FROM view_x WHERE id = 1234". In this case, if we strictly
> keep the order of evaluation between inside and outside of the view, its
> performance penalty will exceed a reasonable tradeoff for the better security.

If you don't allow the indexable qual to be pushed down into the view
in this situation, performance will be wretched. I think we need to
distinguish between trusted and untrusted operations. Everything in
the view definition is trusted. And some other things... perhaps
access methods and some/most/all system catalog functions... are
trusted. Other stuff is untrusted, and can't be pushed down.

I think there was a previous discussion of this when Heikki first
posted the issue to -hackers.

...Robert
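
The trusted/untrusted pushdown rule discussed in the message above, as a toy Python model added here for illustration (it is not code from the thread or from PostgreSQL). The sample table, the `run` and `demo` helpers, the policy names, and the choice to treat the equality qual as trusted are all assumptions of the model.

```python
# Added example: a toy model of qual pushdown into a view, not PostgreSQL code.
ROWS = [  # constructed sample table; the view below exposes only alice's rows
    {"id": 1234, "owner": "alice", "secret": "a-1"},
    {"id": 1235, "owner": "bob", "secret": "b-1"},
    {"id": 1236, "owner": "alice", "secret": "a-2"},
]

def view_qual(row):
    """Qual from the view definition; trusted by construction."""
    return row["owner"] == "alice"

def id_equals(value):
    """Indexable equality qual, treated as trusted (assumption of this model)."""
    return {"trusted": True, "fn": lambda row: row["id"] == value}

def recording_qual(seen):
    """Untrusted user function: always true, but records every value it is shown."""
    def fn(row):
        seen.append(row["secret"])
        return True
    return {"trusted": False, "fn": fn}

def run(outer_quals, policy):
    """policy: 'none' pushes nothing below the view, 'trusted' pushes trusted
    quals only (the rule proposed above), 'all' pushes every qual.
    Returns (result ids, rows fetched before the view qual ran)."""
    pushed = [q for q in outer_quals
              if policy == "all" or (policy == "trusted" and q["trusted"])]
    above = [q for q in outer_quals if q not in pushed]
    fetched = [r for r in ROWS if all(q["fn"](r) for q in pushed)]
    visible = [r for r in fetched if view_qual(r)]
    result = [r for r in visible if all(q["fn"](r) for q in above)]
    return [r["id"] for r in result], len(fetched)

def demo(target_id, policy):
    """Model: SELECT * FROM view WHERE id = target_id AND recording_qual(secret)."""
    seen = []
    ids, fetched = run([id_equals(target_id), recording_qual(seen)], policy)
    return ids, fetched, seen

if __name__ == "__main__":
    for policy in ("none", "trusted", "all"):
        print(policy, demo(1234, policy), demo(1235, policy))
```

With `'none'` every row is fetched before filtering, with `'all'` the untrusted qual is shown a row the view hides, and with `'trusted'` only the matching row is fetched and the untrusted qual sees visible rows only.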