"Robert Haas" <robertmhaas@gmail.com> writes:
> I think you have to resign yourself to the fact that a user who can
> see only a subset of the rows in a table may very well see apparent
> foreign-key violations. But so what?
So you're leaking information about the rows that they're not supposed
to be able to see. This is not what I would call national-security-grade
information hiding --- leastwise *I* certainly wouldn't store nuclear
weapon design information in such a database. The people that the NSA
wants to defend against are more than smart enough, and persistent
enough, to extract information through such loopholes.
I can't escape the lurking suspicion that some bright folk inside the
NSA have spent years thinking about this and have come up with some
reasonably self-consistent definition of row hiding in a SQL database.
But have they published it where we can find it?
regards, tom lane