Greg,
* Greg Stark (stark@mit.edu) wrote:
> But the original goal seems like it would be easier and better done with an
> immutable function which lies and calls elog to leak information. That's
> the actual attack this is supposed to protect against anyways.
Uh, yes, that's what the explain is about- making sure that the 'snoop'
function in the regression test doesn't get pushed down. It *also*
runs the function which raises a notice for each item the function can
see, and verifies that only those values are returned..
> That would make the tests more robust against other changes causing
> failures. Even things like changing explain output formatting for example.
Sure, but there's a whole slew of tests that would have to change if we
changed the explain output, not just this one. I don't think we really
want to make a policy against doing EXPLAIN in regression tests, but if
so, we'd need to go change quite a few tests which have been working
pretty well to date..
Thanks,
Stephen
