| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
| Cc: | ivo(at)limmen(dot)org, PostgreSQL Bugs List <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #14833: Row security policies using session variable can be circumvented |
| Date: | 2017-09-28 16:47:20 |
| Message-ID: | CAKFQuwZe-bezSjVVHNPn=X6PsK=C3o7yDXPP-hTWuvwnx9Uq4w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Thu, Sep 28, 2017 at 9:27 AM, Guillaume Lelarge <guillaume(at)lelarge(dot)info>
wrote:
> 2017-09-28 11:25 GMT+02:00 <ivo(at)limmen(dot)org>:
>
>> The following bug has been logged on the website:
>>
>> Bug reference: 14833
>> Logged by: Ivo Limmen
>> Email address: ivo(at)limmen(dot)org
>> PostgreSQL version: 9.5.8
>> Operating system: Linux Mint 18.2
>> Description:
>>
>
FTR, this was originally sent to -bugs via email (as opposed to the online
form) and responded to there. Closed as not being a code bug though this
report and my personal opinion suggest the potential for documentation
improvement.
To get the desired behavior "FORCE ROW LEVEL SECURITY" should be set on the
table (and, I think, don't have the table owned by a superuser).
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2017-09-28 17:01:04 | Re: Something strang on "left join" |
| Previous Message | Alvaro Herrera | 2017-09-28 16:47:13 | Re: Old row version in hot chain become visible after a freeze |