Re: [PATCH] Fix leaky VIEWs for RLS

Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>

From: Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, KaiGai Kohei <kaigai@ak.jp.nec.com>, marc@bloodnok.com, pgsql-hackers@postgresql.org
Date: 2010-06-07T06:48:59Z
Lists: pgsql-hackers
On 07/06/10 06:06, Stephen Frost wrote:
> Also, perhaps I'm not being paranoid enough, but all this concern over
> error cases really doesn't really worry me that much.  The amount of
> data one could acquire that way is pretty limited.

It's not limited. It allows you to read all contents of the underlying 
table or tables. I don't see much point doing anything at all if we 
don't plug that.

There's many side channels like exposing row counts in EXPLAIN and 
statistics and timing attacks, that are not as critical, because they 
don't let expose all data, and the attacker can't accurately choose what 
data is exposed. Those are not as important.


-- 
   Heikki Linnakangas
   EnterpriseDB   http://www.enterprisedb.com