Re: 8.4 release planning

Kouhei Kaigai <kaigai@ak.jp.nec.com>

From: KaiGai Kohei <kaigai@ak.jp.nec.com>
To: Greg Smith <gsmith@gregsmith.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Joshua Brindle <method@manicmethod.com>, Josh Berkus <josh@agliodbs.com>, Stephen Frost <sfrost@snowman.net>, Gregory Stark <stark@enterprisedb.com>, Robert Haas <robertmhaas@gmail.com>, Simon Riggs <simon@2ndQuadrant.com>, Ron Mayer <rm_pg@cheapcomplexdevices.com>, "Joshua D. Drake" <jd@commandprompt.com>, Merlin Moncure <mmoncure@gmail.com>, "Jonah H. Harris" <jonah.harris@gmail.com>, Bruce Momjian <bruce@momjian.us>, Bernd Helmle <mailings@oopsware.de>, Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org
Date: 2009-01-28T05:02:08Z
Lists: pgsql-hackers
Greg Smith wrote:
> Where I suspect this is all is going to settle down into is that if 1) 
> the SE GUC is on and 2) one of the tables in a join has rows filtered, 
> then you can expect that a) it's possible that the result will leak 
> information, which certainly need to be documented, and b) the 
> optimizations Tom mentioned that "assume foreign key constraints hold" 
> will not be possible to implement, so performance will suck compared to 
> a similar situation in an unsecured environment.

c) security feature gives the optimizer a hint "don't optimize out
this table, please!" via a security hook.
I think it is a quite reasonable approach, as I noted in another message.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>