Mike Mascari <mascarm@mascari.com> writes:
> What appears to me is that the rewriter is just tacking the IS NULL test
> onto the parsed query. As a result, a function is called with data from
> a view before the evaluation of IS NULL removes those rows from the
> selection process. Is that right? If so, is that a security problem?
You're essentially asking for a guarantee about the order of evaluation
of WHERE clauses. There is no such guarantee, and won't be because it
would be a crippling blow to performance. For example, consider
create table tab (k int primary key, d text);
create view v as select * from tab where d is not null;
select * from v where k = 42;
If the not-null clause must be evaluated before the outer where,
then this query will be unable to use an indexscan on k. See related
discussion a week or so ago (in pgsql-general if memory serves).
We could possibly tweak the optimizer so that the where-clauses pulled
up from the view are evaluated first in cases where there is no
plan-driven reason to do it the other way 'round, but I doubt this would
provide much security.
regards, tom lane
