From: | <msalais(at)msym(dot)fr> |
---|---|
To: | <pgsql-admin(at)lists(dot)postgresql(dot)org> |
Subject: | RE: A flaw in treating WITH CHECK OPTION views |
Date: | 2024-04-18 18:42:17 |
Message-ID: | 000c01da91c0$23ccbea0$6b663be0$@msym.fr |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Forget it
I was Super User
I have modified the prompt for something else and then forgot that I have
modified it
Michel SALAIS
De : msalais(at)msym(dot)fr <msalais(at)msym(dot)fr>
Envoyé : jeudi 18 avril 2024 20:35
À : 'pgsql-admin(at)lists(dot)postgresql(dot)org' <pgsql-admin(at)lists(dot)postgresql(dot)org>
Objet : A flaw in treating WITH CHECK OPTION views
Hi,
I will demonstrate what I want with a little example
msym=> create table t (c1 int, c2 int, c3 int);
CREATE TABLE
msym=> insert into t values (1, 1, 10),(2, 1, 10), (3, 2, 20), (4, 2, 20);
INSERT 0 4
msym=> create view v as select c1, c2 from t where c2 = 2 with check option;
CREATE VIEW
msym=> select * from v;
c1 | c2
----+----
3 | 2
4 | 2
(2 lignes)
msym=> update v set c2 = 3 where c1 = 3;
ERROR: new row violates check option for view "v"
DETAIL : Failing row contains (3, 3, 20).
Suppose that view use is exactly to hide value of c3! This example shows a
security issue.
Best regards
Michel SALAIS
From | Date | Subject | |
---|---|---|---|
Next Message | Ravindranathan Rinilnath (Ext. - UniCredit) | 2024-04-19 00:58:20 | RE: Installation of PostGIS without internet or with limited internet access |
Previous Message | msalais | 2024-04-18 18:35:02 | A flaw in treating WITH CHECK OPTION views |