RE: A flaw in treating WITH CHECK OPTION views

Forget it

I was Super User…
I have modified the prompt for something else and then forgot that I have
modified it…

Michel SALAIS

De : msalais(at)msym(dot)fr <msalais(at)msym(dot)fr>
Envoyé : jeudi 18 avril 2024 20:35
À : 'pgsql-admin(at)lists(dot)postgresql(dot)org' <pgsql-admin(at)lists(dot)postgresql(dot)org>
Objet : A flaw in treating WITH CHECK OPTION views

Hi,

I will demonstrate what I want with a little example

msym=> create table t (c1 int, c2 int, c3 int);

CREATE TABLE

msym=> insert into t values (1, 1, 10),(2, 1, 10), (3, 2, 20), (4, 2, 20);

INSERT 0 4

msym=> create view v as select c1, c2 from t where c2 = 2 with check option;

CREATE VIEW

msym=> select * from v;

c1 | c2

----+----

3 | 2

4 | 2

(2 lignes)

msym=> update v set c2 = 3 where c1 = 3;

ERROR: new row violates check option for view "v"

DETAIL : Failing row contains (3, 3, 20).

Suppose that view use is exactly to hide value of c3! This example shows a
security issue.

Best regards

Michel SALAIS