Re: Using views for row-level access control is leaky - Mailing list pgsql-hackers

From Richard Huxton
Subject Re: Using views for row-level access control is leaky
Date
Msg-id 4AE03DE4.9050803@archonet.com
In response to Re: Using views for row-level access control is leaky  (Pavel Stehule <pavel.stehule@gmail.com>)
List pgsql-hackers
Pavel Stehule wrote:
> What version do you have?
> 
> I cannot repeat it.

It will depend on the relative cost of the clauses (though 0.0001 should
have been enough to force it). Try:

CREATE OR REPLACE FUNCTION row_hidden (phone text) RETURNS bool AS $$
BEGIN
    RETURN phone LIKE '6%';
END;
$$ LANGUAGE plpgsql COST 999;

CREATE VIEW phone_number AS
    SELECT person, phone FROM phone_data WHERE NOT row_hidden(phone);


--  Richard Huxton Archonet Ltd
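
The following is an added example, not part of the original message or of the PostgreSQL project's code: a way to check in which order the planner evaluates a caller's qual and the view's own qual, and the same view declared with security_barrier (PostgreSQL 9.2 and later). The phone_data definition, the sample rows, cheap_check and the name phone_number_barrier are assumptions made for the illustration.

```sql
-- Constructed schema: column names come from the view in the message; types are assumed.
CREATE TABLE phone_data (person text, phone text);
INSERT INTO phone_data VALUES              -- constructed sample rows
    ('alice', '555-0100'),
    ('bob',   '600-0199');                 -- starts with '6', so the view should hide it

-- Function and view as posted in the message.
CREATE OR REPLACE FUNCTION row_hidden (phone text) RETURNS bool AS $$
BEGIN
    RETURN phone LIKE '6%';
END;
$$ LANGUAGE plpgsql COST 999;

CREATE VIEW phone_number AS
    SELECT person, phone FROM phone_data WHERE NOT row_hidden(phone);

-- Hypothetical stand-in for any cheap function a caller places in WHERE.
-- It does nothing except return true; only its declared cost matters here.
CREATE FUNCTION cheap_check (text) RETURNS bool AS $$
BEGIN
    RETURN true;
END;
$$ LANGUAGE plpgsql COST 0.0001;

-- Check 1: plain view. The view is flattened into the outer query, and the
-- quals on the Filter line are listed in evaluation order. If cheap_check(phone)
-- appears before NOT row_hidden(phone), the caller's function is being called
-- on rows the view is meant to hide.
EXPLAIN (COSTS OFF)
    SELECT * FROM phone_number WHERE cheap_check(phone);

-- Hardened form: a security_barrier view makes the planner apply the view's
-- own quals before any caller-supplied qual that is not marked LEAKPROOF,
-- regardless of declared cost.
CREATE VIEW phone_number_barrier WITH (security_barrier) AS
    SELECT person, phone FROM phone_data WHERE NOT row_hidden(phone);

-- Check 2: same query against the barrier view. NOT row_hidden(phone) must now
-- be applied before cheap_check(phone) is called.
EXPLAIN (COSTS OFF)
    SELECT * FROM phone_number_barrier WHERE cheap_check(phone);
```

Either view only restricts access if users are granted SELECT on the view and not on phone_data itself.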

