Re: Using views for row-level access control is leaky - Mailing list pgsql-hackers

From Simon Riggs
Subject Re: Using views for row-level access control is leaky
Date
Msg-id 1256313744.8450.1671.camel@ebony
Whole thread Raw
In response to Re: Using views for row-level access control is leaky  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Using views for row-level access control is leaky
List pgsql-hackers
On Fri, 2009-10-23 at 10:04 -0400, Tom Lane wrote:
> Simon Riggs <simon@2ndQuadrant.com> writes:
> > On Fri, 2009-10-23 at 19:38 +0900, KaiGai Kohei wrote:
> >> Sorry, what is happen if function is marked as "plan security"?
> 
> > I was suggesting an intelligent default by which we could determine
> > function marking implicitly, if it was not explicitly stated on the
> > CREATE FUNCTION.
> 
> The thought that's been in the back of my mind is that you could solve
> 99% of the performance problem if you trusted all builtin functions and
> nothing else.  This avoids the question of who gets to mark functions
> as trustable.

That is a very good default. My experience is that those 1% of cases are
responsible for 99% of wasted time, so the ability to specify things for
user functions is critical. If we make user extensibility second rate we
will force solutions to be second rate also. (e.g. where would PostGIS
be without type-specific analyze functions?).

-- Simon Riggs           www.2ndQuadrant.com



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: client_lc_messages
Next
From: Pavel Stehule
Date:
Subject: Re: plpgsql EXECUTE will not set FOUND