Re: [PATCH] Fix leaky VIEWs for RLS
Kouhei Kaigai <kaigai@ak.jp.nec.com>
From: KaiGai Kohei <kaigai@ak.jp.nec.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>, Stephen Frost <sfrost@snowman.net>, Robert Haas <robertmhaas@gmail.com>, marc@bloodnok.com, pgsql-hackers@postgresql.org
Date: 2010-06-08T01:09:53Z
Lists: pgsql-hackers
(2010/06/08 9:46), Tom Lane wrote: > KaiGai Kohei<kaigai@ak.jp.nec.com> writes: >> In this case, is it unnecessary to expose the given argument in >> the error message (from security perspective), isn't it? > > Yes, if all you care about is security and not usability, that looks > like a great solution. We're *not* doing it. > Sorry, are you saying we should not revise error messages because of usability?? If so, and if we decide the middle-threat also should be fixed, it is necessary to distinguish functions trusted and untrusted, even if a function is built-in. Perhaps, pg_proc takes a new flag to represent it. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com>