Re: leaky views, yet again - Mailing list pgsql-hackers

From Greg Stark
Subject Re: leaky views, yet again
Date
Msg-id AANLkTinDK4DfFGKHmyPBrR48+u2FTRKdwyx0VGcdGVuj@mail.gmail.com
Whole thread Raw
In response to Re: leaky views, yet again  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: leaky views, yet again
Re: leaky views, yet again
Re: leaky views, yet again
List pgsql-hackers
On Tue, Oct 5, 2010 at 11:01 AM, Robert Haas <robertmhaas@gmail.com> wrote:
> Well, the only thing I've ever wanted to do this for was to allow
> sales reps to see their own customers but not the customers of other
> sales reps (because if they could pull our complete customer list,
> then once they left and went to work for $COMPETITOR they'd start
> trying to pick off our customers; of course, we couldn't prevent them
> from maintaining a list of their own customers, and no doubt they knew
> who some of the other customers were, but they couldn't just dump out
> the complete list from the database).  I agree it's hopeless to
> prevent all side-channel leaks, but I'd describe the goal like this:
>
> Prevent access to the actual tuple contents of the hidden rows.

Though I find it unlikely the sales people would have direct access to
run arbitrary SQL -- let alone create custom functions.

If the users that have select access on the view don't have DDL access
doesn't that make them leak-proof for those users?

--
greg


pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: leaky views, yet again
Next
From: Stephen Frost
Date:
Subject: Re: leaky views, yet again