Home > mailing lists

Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE - Mailing list pgsql-hackers

From	Laurenz Albe
Subject	Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE
Date	January 29 09:25:10
Msg-id	b23008d0a7ef0081b81a1584cfafd11965f806a0.camel@cybertec.at Whole thread Raw
In response to	Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE (Steve Chavez <steve@supabase.io>)
List	pgsql-hackers

Tree view

On Wed, 2026-01-28 at 15:43 -0500, Steve Chavez wrote:
> But that is a property of just regular views not necessarily security_barrier right? i.e. "to be able to hide certain
columns".

Right, but without "security_barries = on" it may be that a sneaky attacker
can subvert the security.  With that setting, only LEAKPROOF functions and
operators are can be pushed into the view definition.

But we are getting off-topic.  My point is that your proposed database setting
would change the behavior of such a view so that it wouldn't work any more.

Yours,
Laurenz Albe

pgsql-hackers by date:

From: Corey Huinker
Date: 29 January, 09:20:10
Subject: Re: Extended Statistics set/restore/clear functions.

From: "cca5507"
Date: 29 January, 09:29:05
Subject: Re: Fix logical decoding not track transaction during SNAPBUILD_BUILDING_SNAPSHOT

Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE - Mailing list pgsql-hackers

Previous

Next