On Mon, Feb 16, 2009 at 4:14 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>
> I'm not sure I understand what you mean by that. I expect that if I
> deny a particular user access to SELECT from a particular table the
> system will throw a permissions error if that user later enters
> "SELECT * FROM <table-name>". I don't expect that the system will
> foresee every possible alternative way that a user might able to infer
> something about the contents of that table and block it. I similarly
> expect that if I install SE-PostgreSQL and configure it to filter out
> certain rows from accesses to certain tables, those rows will in fact
> be filtered. I still don't expect it to foresee every possible
> alternative way that a user might be able to infer something about the
> contents of the data to which the user does not have direct access.
>
> Is this fundamentally a semantic issue? If there's an asymmetry here
> in what is being claimed, I'm not seeing it.
Well the asymmetry is that in the former case the verb is "deny" and
the latter it's "filter"...
--
greg
