| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Hannu Krosing <hannu(at)tm(dot)ee> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Rod Taylor <rbt(at)zort(dot)ca>, Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Temporary Views |
| Date: | 2002-08-13 22:36:36 |
| Message-ID: | 1962.1029278196@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hannu Krosing <hannu(at)tm(dot)ee> writes:
> It seems to be a broken view not security risk in 7.2.1
The implementation of temp tables has changed completely in CVS tip,
so experiments with 7.2 aren't very relevant. In CVS tip I believe
you *could* read the contents of someone else's temp table, assuming
you had permissions to read the view. However, you'd not be guaranteed
to get up-to-date information, since the guy who actually owns the temp
table would be using his local-buffer manager for access to it; there
might be many pages that you'd see stale information from because the
only up-to-date copy is in local memory of the owning backend.
I see some potential for confusion here, but not really any
crash-the-database scenarios. I also do not see a security risk:
you did grant the other guy read permission on your view, after all.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-08-13 22:43:31 | Re: Temporary Views |
| Previous Message | Bruce Momjian | 2002-08-13 22:22:30 | Re: Open 7.3 items |