Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Steve Chavez <steve@supabase.io>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2026-01-29T06:25:10Z
Lists: pgsql-hackers
On Wed, 2026-01-28 at 15:43 -0500, Steve Chavez wrote: > But that is a property of just regular views not necessarily security_barrier right? i.e. "to be able to hide certain columns". Right, but without "security_barries = on" it may be that a sneaky attacker can subvert the security. With that setting, only LEAKPROOF functions and operators are can be pushed into the view definition. But we are getting off-topic. My point is that your proposed database setting would change the behavior of such a view so that it wouldn't work any more. Yours, Laurenz Albe