| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Simon Riggs <simon(at)2ndQuadrant(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Marc Munro <marc(at)bloodnok(dot)com>, Rod Taylor <rod(dot)taylor(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Using views for row-level access control is leaky |
| Date: | 2009-10-23 14:42:23 |
| Message-ID: | 4AE1C0CF.4010406@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> The thought that's been in the back of my mind is that you could solve
> 99% of the performance problem if you trusted all builtin functions and
> nothing else. This avoids the question of who gets to mark functions
> as trustable.
Except that all builtin functions are not trustworthy. set_config and
int->text cast are two examples mentioned this far, and I'm sure there's
a boatload of others.
Trusting only index operators seems more and more attractive to me. That
won't limit us to built-in datatypes, requires no explicit user action
to categorize functions. They're also the most significant functions
from a performance point-of-view, allowing use of indexes instead of
forcing a seqscan of all tables.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-10-23 14:50:33 | Re: plpgsql EXECUTE will not set FOUND |
| Previous Message | Tom Lane | 2009-10-23 14:34:34 | Re: pre-proposal: type interfaces |