Postgres Pro
Downloads
Home   >   mailing lists

pgsql: Add a security_barrier option for views. - Mailing list pgsql-committers

From Robert Haas
Subject pgsql: Add a security_barrier option for views.
Date
Msg-id E1Rdq0q-00072t-CU@gemulon.postgresql.org
Whole thread Raw
Responses Re: pgsql: Add a security_barrier option for views.  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: pgsql: Add a security_barrier option for views.  (Jaime Casanova <jaime@2ndquadrant.com>)
List pgsql-committers
Tree view 
Add a security_barrier option for views.

When a view is marked as a security barrier, it will not be pulled up
into the containing query, and no quals will be pushed down into it,
so that no function or operator chosen by the user can be applied to
rows not exposed by the view.  Views not configured with this
option cannot provide robust row-level security, but will perform far
better.

Patch by KaiGai Kohei; original problem report by Heikki Linnakangas
(in October 2009!).  Review (in earlier versions) by Noah Misch and
others.  Design advice by Tom Lane and myself.  Further review and
cleanup by me.

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/0e4611c0234d89e288a53351f775c59522baed7c

Modified Files
--------------
doc/src/sgml/ref/alter_view.sgml          |   20 +++++++++
doc/src/sgml/ref/create_view.sgml         |   13 ++++++
doc/src/sgml/rules.sgml                   |   39 ++++++++++++++++-
src/backend/access/common/reloptions.c    |   17 +++++++-
src/backend/commands/tablecmds.c          |   66 ++++++++++++++++++++++-------
src/backend/commands/view.c               |   26 ++++++++---
src/backend/nodes/copyfuncs.c             |    1 +
src/backend/nodes/equalfuncs.c            |    1 +
src/backend/nodes/outfuncs.c              |    1 +
src/backend/nodes/readfuncs.c             |    1 +
src/backend/optimizer/path/allpaths.c     |   14 ++++++
src/backend/optimizer/prep/prepjointree.c |    2 +
src/backend/parser/gram.y                 |   10 +++--
src/backend/rewrite/rewriteHandler.c      |    1 +
src/backend/utils/adt/selfuncs.c          |   13 ++++++
src/backend/utils/cache/relcache.c        |    1 +
src/bin/pg_dump/pg_dump.c                 |    6 ++-
src/include/access/reloptions.h           |    3 +-
src/include/nodes/parsenodes.h            |    3 +
src/include/utils/rel.h                   |    9 ++++
src/test/regress/expected/create_view.out |   55 +++++++++++++++++++++++-
src/test/regress/sql/create_view.sql      |   33 ++++++++++++++
22 files changed, 300 insertions(+), 35 deletions(-)

pgsql-committers by date:

Previous
From: Peter Eisentraut
Date:
Subject: pgsql: Add ALTER DOMAIN ... RENAME
Next
From: Tom Lane
Date:
Subject: Re: pgsql: Add a security_barrier option for views.