Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Feike Steenbergen <feikesteenbergen@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>,
jian he <jian.universality@gmail.com>,
"David G. Johnston" <david.g.johnston@gmail.com>,
PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2025-05-29T18:15:22Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Restrict virtual columns to use built-in functions and types
- 0cd69b3d7ef3 18.0 landed
-
Fix virtual generated column type checking for ALTER TABLE
- 49fe1c83ecf3 18.0 landed
-
Expand virtual generated columns in the planner
- 1e4351af329f 18.0 cited
Feike Steenbergen <feikesteenbergen@gmail.com> writes: > pg_restore may have issues though, as it will run these functions > for GENERATED STORED columns? pg_restore is already fairly exposed, as it will run tables' CHECK constraints, index expressions, etc. I don't think GENERATED STORED makes that picture much worse. As Robert said upthread, it would be nice to make all this more secure. But it'd presumably involve user-visible semantics changes along with the performance worries I mentioned. It's a dauntingly large task... regards, tom lane