Re: [v9.2] Fix leaky-view problem, part 2
Noah Misch <noah@2ndquadrant.com>
From: Noah Misch <noah@2ndQuadrant.com>
To: Yeb Havinga <yebhavinga@gmail.com>
Cc: Kohei KaiGai <kaigai@kaigai.gr.jp>, Robert Haas <robertmhaas@gmail.com>, Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>, Kohei Kaigai <Kohei.Kaigai@emea.nec.com>, Stephen Frost <sfrost@snowman.net>, Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2011-07-20T14:43:03Z
Lists: pgsql-hackers
On Wed, Jul 20, 2011 at 04:23:10PM +0200, Yeb Havinga wrote: > On 2011-07-20 16:15, Yeb Havinga wrote: >> On 2011-07-20 16:06, Noah Misch wrote: >>> >>> The SQL-level semantics of the view define the access rules in >>> question. How >>> would you translate that into tests to apply at a lower level? >> I assumed the leaky view thread was about row level security, not >> about access rules to views, since it was mentioned at the RLS wiki >> page for se-pgsql. Sorry for the confusion. > Had to digg a bit for the wiki, it was this one : > http://wiki.postgresql.org/wiki/RLS#Issue:_A_leaky_VIEWs_for_RLS It is about row-level security, broadly. These patches close the hazard described in the latter half of this page: http://www.postgresql.org/docs/9.0/static/rules-privileges.html In the example given there, "phone NOT LIKE '412%'" is the (row-level) access rule that needs to apply before any possibly-leaky function sees the tuple. -- Noah Misch http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services