| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | fuboat(at)outlook(dot)com |
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #18496: Strange Handling for Circular Views and Permissions in PostgreSQL |
| Date: | 2024-06-06 16:16:28 |
| Message-ID: | 1025641.1717690588@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
> When a user without SELECT permissions tries to perform a select operation
> on a circular view, PostgreSQL will report an error saying "infinite
> recursion detected in rules for relation v2" instead of "permission denied
> for view v2". Is this a bug or an unexpected behavior?
[ shrug... ] Neither, I'd say. There are no specific restrictions on
the order in which error checks are performed.
> Regardless, a circular view is an invalid view and should not appear in
> normal scenarios, so reporting this error message does not have any negative
> impact. However, should this error take precedence over the SELECT
> permission error, and could some important error messages potentially be
> leaked in this way to users without permissions?
It's hard to see how this leaks any information that's not
readily available to everybody from the system catalogs
(ie, "\d+ v1" and "\d+ v2").
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2024-06-06 23:39:08 | Re: [EXTERNAL] Re: Windows Application Issues | PostgreSQL | REF # 48475607 |
| Previous Message | Sandeep Thakkar | 2024-06-06 13:38:06 | Re: Postgresql 16.3 installation error (setup file) on Windows 11 |