| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Pierre Ducroquet <p(dot)psql(at)pinaraf(dot)info>, pgsql-hackers(at)postgresql(dot)org |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Row Level Security − leakproof-ness and performance implications |
| Date: | 2019-03-18 19:08:49 |
| Message-ID: | 89224f4d-e94c-804e-0f04-12005fd1fdfd@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2019-02-21 15:56, Pierre Ducroquet wrote:
> I undestand these decisions, but it makes RLS quite fragile, with numerous un-
> documented side-effects. In order to save difficulties from future users, I
> wrote this patch to the documentation, listing the biggest restrictions I hit
> with RLS so far.
This appears to be the patch of record for this commit fest entry.
I agree that it would be useful to document and discuss better which
built-in operators are leak-proof and which are not. But I don't think
the CREATE POLICY reference page is the place to do it. Note that the
leak-proofness mechanism was originally introduced for security-barrier
views (an early form of RLS if you will), so someone could also
reasonably expect a discussion there.
I'm not sure of the best place to put it. Perhaps adding a section to
the Functions and Operators chapter would work.
Also, once you start such a list, there will be an expectation that it's
complete. So that would need to be ensured. You only list a few things
you found. Are there others? How do we keep this up to date?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2019-03-18 19:19:51 | Re: [HACKERS] Block level parallel vacuum |
| Previous Message | Tom Lane | 2019-03-18 19:08:19 | Re: jsonpath |