| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, marc(at)bloodnok(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [PATCH] Fix leaky VIEWs for RLS |
| Date: | 2010-06-07 09:07:53 |
| Message-ID: | 4C0CB6E9.4090903@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 07/06/10 10:30, KaiGai Kohei wrote:
> (2010/06/07 15:48), Heikki Linnakangas wrote:
>> There's many side channels like exposing row counts in EXPLAIN and
>> statistics and timing attacks, that are not as critical, because they
>> don't let expose all data, and the attacker can't accurately choose what
>> data is exposed. Those are not as important.
>>
> It also means; because they can provide much smaller bandwidth to leak
> invisible information than error messages, these are not as important.
> Is it right?
The big difference is what information can be obtained, not how fast it
can be obtained.
Imagine a table that holds username/passwords for users. Each user is
allowed to see his own row, including password, but not anyone else's.
EXPLAIN side-channel might give pretty accurate information of how many
rows there is in the table, and via clever EXPLAIN+statistics probing
you might be able to find out what the top-10 passwords are, for
example. But if you wanted to know what your neighbor's password is, the
side-channels would not help you much, but an error message would reveal
it easily.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pierre C | 2010-06-07 10:37:13 | Re: Re: [RFC][PATCH]: CRC32 is limiting at COPY/CTAS/INSERT ... SELECT + speeding it up |
| Previous Message | Dimitri Fontaine | 2010-06-07 08:14:47 | Re: exporting raw parser |