Re: [PATCH] Fix leaky VIEWs for RLS - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: [PATCH] Fix leaky VIEWs for RLS
Date
Msg-id 20100607110635.GB21875@tamriel.snowman.net
Whole thread Raw
In response to Re: [PATCH] Fix leaky VIEWs for RLS  (Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>)
Responses Re: [PATCH] Fix leaky VIEWs for RLS
List pgsql-hackers
Heikki,

* Heikki Linnakangas (heikki.linnakangas@enterprisedb.com) wrote:
> The big difference is what information can be obtained, not how fast it
> can be obtained.

Actually, I disagree.  Time required to acquire the data does matter.

> Imagine a table that holds username/passwords for users. Each user is
> allowed to see his own row, including password, but not anyone else's.
> EXPLAIN side-channel might give pretty accurate information of how many
> rows there is in the table, and via clever EXPLAIN+statistics probing
> you might be able to find out what the top-10 passwords are, for
> example. But if you wanted to know what your neighbor's password is, the
> side-channels would not help you much, but an error message would reveal
> it easily.

Using only built-ins, could you elaborate on how one could pick exactly
what row was revealed using an error case?  That strikes me as
difficult, but perhaps I'm not thinking creatively enough.
Thanks,
    Stephen

pgsql-hackers by date:

Previous
From: Andres Freund
Date:
Subject: Re: Re: [RFC][PATCH]: CRC32 is limiting at COPY/CTAS/INSERT ... SELECT + speeding it up
Next
From: Heikki Linnakangas
Date:
Subject: Re: [PATCH] Fix leaky VIEWs for RLS