Re: Column-Level Privileges - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: Column-Level Privileges
Date
Msg-id 49769062.8090504@ak.jp.nec.com
Whole thread Raw
In response to Re: Column-Level Privileges  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Column-Level Privileges
List pgsql-hackers
Stephen Frost wrote:
> * Tom Lane (tgl@sss.pgh.pa.us) wrote:
>> On the whole I think we have to go back to the original plan of
>> recursively searching the query's expressions after we've finished all
>> the transformations (and have a completed jointree to refer to).  This
>> is slightly annoying on the grounds of adding parsing overhead that's
>> completely useless unless per-column privileges are in use.  On the
>> other hand, none of the workable alternatives are exactly overhead-free
>> either.
>>
>> Comments?
> 
> Honestly, I like this approach.  There is some additional overhead
> during parsing, but it seems cleaner and more robust.  Also, hopefully
> in most cases where people are concerned about parse time they're
> preparing their queries.  If it's warrented, we could try doing
> benchmarks to see how bad the impact is and if we need to do something
> different.  It doesn't strike me as likely to be a significant amount of
> overhead though.

I agree with Stephen's opinion.
Indeed, the walker approach requires additional steps during query
parsing, but the code obviousness is a significant factor from the
point of view of security.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>


pgsql-hackers by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: New pg_dump patch -- document statistics collector exception
Next
From: Tom Lane
Date:
Subject: Re: Column-Level Privileges