| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
| Cc: | Simon Riggs <simon(at)2ndQuadrant(dot)com>, Marc Munro <marc(at)bloodnok(dot)com>, Rod Taylor <rod(dot)taylor(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Using views for row-level access control is leaky |
| Date: | 2009-10-23 12:07:03 |
| Message-ID: | 4AE19C67.8060806@archonet.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Heikki Linnakangas wrote:
> The most useful "automatic" annotation I can see is to treat functions
> implementing B-tree operators as safe. I *think* that's safe, anyway.
Index lookups and single-type comparisons were the only things I could
come up with as safe. Unless there is some way to generate an error from
geometric ops (overflow or some such).
Anything involving a type-cast can obviously be finessed. If you allow
arithmetic then you could trigger an overflow or divide-by-zero error.
Hmm - you can probably do something evil with non-UTF8 characters if you
allow string operations. Would string comparisons be safe (because a
literal would be caught before the view gets evaluated)?
--
Richard Huxton
Archonet Ltd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2009-10-23 12:23:09 | Re: per table random-page-cost? |
| Previous Message | Heikki Linnakangas | 2009-10-23 11:40:03 | Re: Using views for row-level access control is leaky |