Home > mailing lists

Re: Is this a bug, possible security hole, or wrong - Mailing list pgsql-general

From	Mike Mascari
Subject	Re: Is this a bug, possible security hole, or wrong
Date	June 13, 2002 13:18:06
Msg-id	3D08A6C2.67679A9E@mascari.com Whole thread Raw
In response to	Is this a bug, possible security hole, or wrong assumption? (Mike Mascari <mascarm@mascari.com>)
Responses	Re: Is this a bug, possible security hole, or wrong (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-general

Tree view

I wrote:
>
> Tom Lane wrote:
> >
> > You're essentially asking for a guarantee about the order of evaluation
> > of WHERE clauses.  There is no such guarantee, and won't be because it
> > would be a crippling blow to performance.
>
> It seems to me that the condition which must be satisfied is this:
>
> If the attribute of a view is used in a user-defined function, then the
> conditional expressions associated with the WHERE condition of the view
> *must* be evaluated before the user-defined function is called (if
> ever). That would not limit the use of an index scan in the above
> example. Other RDBMS allow for both server-side functions and the use of
> views for security.

I apologize. The pg_stat_activity view is a good example of using views
atop functions to provide security. Its not exactly obvious, but it can
be done. And with the SRFs coming, I suppose fixing views is a pretty
low priority...

Mike Mascari
mascarm@mascari.com

pgsql-general by date:

From: Thomas Lockhart
Date: 13 June 2002, 12:58:53
Subject: Re: automatic time zone conversion

From: merlyn@stonehenge.com (Randal L. Schwartz)
Date: 13 June 2002, 14:04:16
Subject: Once again, nntp://news.postgresql.org is down

Re: Is this a bug, possible security hole, or wrong - Mailing list pgsql-general

Previous

Next