Re: CREATE POLICY and RETURNING

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Zhaomo Yang <zmpgzm(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: CREATE POLICY and RETURNING
Date: 2015-09-23 18:54:03
Message-ID: 20150923185403.GC3685@tamriel.snowman.net
Lists: pgsql-hackers

* Zhaomo Yang (zmpgzm(at)gmail(dot)com) wrote:
> > Just a side-note, but your mail client doesn't seem to get the quoting
> > quite right sometimes, which can be confusing. Not sure if there's
> > anything you can do about it but wanted to let you know in case there
> > is.
>
> Sorry about this. From now on I'll use the plain text mode for msgs I
> send to the mailing list.
> Please let me know if this happens also in this email.

Looks like this one has all of the quoting correct- thanks!

> > Regarding this, specifically, we'd need to first decide on what the
> > syntax/grammar should be.
>
> I'll think about it. Also, thanks for the pointers.

Sure, no problem.

> > Right, and we addressed the concerns with RETURNING. Regarding the
> > non-RETURNING case, the same concerns about blind updates and deletes
> > already exist with the GRANT permission system; it's not anything new.
>
> I think they are different. In the current GRANT permission system,
> one can do blind updates but he
> cannot refer to any existing values in either the expressions or the
> condition if he doesn't have
> SELECT privilege on the table (or the columns), thus the tricks like
> divide-by-zero cannot be used and a malicious
> user cannot get information out of blind updates.

Ok, I see what you're getting at with that and I believe it'll be a
pretty straight-forward change, thanks to Dean's recent rework. I'll
take a look at making that happen.

Thanks!

Stephen
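
The GRANT-side behaviour described in the quoted paragraph above, as an added example that is not part of the original message: a role holding UPDATE without SELECT can update blindly, but any statement that reads an existing value is rejected at permission-check time, before any row is evaluated. The table, role and column names are hypothetical, and the script assumes it is run from psql as a superuser on a scratch database.

```sql
-- Constructed demo objects; every name here is hypothetical.
CREATE TABLE accounts (id int PRIMARY KEY, owner text, balance int);
INSERT INTO accounts VALUES (1, 'alice', 100), (2, 'bob', 250);

CREATE ROLE writer_only NOLOGIN;
GRANT UPDATE ON accounts TO writer_only;        -- UPDATE only, no SELECT
GRANT SELECT (id) ON accounts TO writer_only;   -- column-level SELECT on id only

SET ROLE writer_only;

-- 1. Blind update: reads no existing value, so UPDATE privilege is enough.
UPDATE accounts SET balance = 0;

-- 2. Condition on a column the role may SELECT: allowed.
UPDATE accounts SET balance = 0 WHERE id = 1;

-- 3. Condition on a column without SELECT: rejected with a permission
--    error, so the predicate is never evaluated against row contents.
UPDATE accounts SET balance = 0 WHERE owner = 'alice';

-- 4. Existing value in the SET expression: rejected the same way.
UPDATE accounts SET balance = balance + 1;

-- 5. An expression that could raise a data-dependent error (the
--    divide-by-zero case from the thread) is rejected for the same
--    reason: it needs SELECT on balance, so it never runs.
UPDATE accounts SET balance = 0 WHERE 1 / balance > 0;

-- 6. RETURNING also needs SELECT on every column it mentions.
UPDATE accounts SET balance = 0 RETURNING owner;

RESET ROLE;

-- Clean up the demo objects.
DROP TABLE accounts;
DROP ROLE writer_only;
```

Statements 3 to 6 fail on privilege alone, which is why the success or failure of a blind update under GRANT reveals nothing about the stored values.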
