Home > mailing lists

Re: [RFC] A tackle to the leaky VIEWs for RLS - Mailing list pgsql-hackers

From	Merlin Moncure
Subject	Re: [RFC] A tackle to the leaky VIEWs for RLS
Date	June 1, 2010 21:22:49
Msg-id	AANLkTikL967mX1c6bG7iXj9SwTw0-uL2LnrQA_6ER-u7@mail.gmail.com Whole thread Raw
In response to	Re: [RFC] A tackle to the leaky VIEWs for RLS (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

On Tue, Jun 1, 2010 at 4:57 PM, Robert Haas <robertmhaas@gmail.com> wrote:
> On Tue, Jun 1, 2010 at 4:10 PM, Merlin Moncure <mmoncure@gmail.com> wrote:
>> have you ruled out: 'create function'? :-)
>
> You lost me...

Well, as noted by the OP, using views for security in postgres is
simply wishful thinking.  This is part of a family of issues
(generally not evil nor fixable) under the category of 'there is no
real control over when functions in a query fire'.

My point was that in cases where users expect this behavior, why not
encourage them to use functions instead of views?  Is there any formal
expectation that views can be used to hide data in this way?  Does
this really have to be fixed, and if so should it be in light of the
fact that our rule system is basically understood to be broken?

merlin

pgsql-hackers by date:

From: Robert Haas
Date: 01 June 2010, 20:57:43
Subject: Re: [RFC] A tackle to the leaky VIEWs for RLS

From: Hiroshi Inoue
Date: 01 June 2010, 21:53:25
Subject: Re: [COMMITTERS] pgsql: PGDLLEXPORT is __declspec (dllexport) only on MSVC, but is

Re: [RFC] A tackle to the leaky VIEWs for RLS - Mailing list pgsql-hackers

Previous

Next