| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, marc(at)bloodnok(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [PATCH] Fix leaky VIEWs for RLS |
| Date: | 2010-06-08 01:09:53 |
| Message-ID: | 4C0D9861.9050201@ak.jp.nec.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
(2010/06/08 9:46), Tom Lane wrote:
> KaiGai Kohei<kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
>> In this case, is it unnecessary to expose the given argument in
>> the error message (from security perspective), isn't it?
>
> Yes, if all you care about is security and not usability, that looks
> like a great solution. We're *not* doing it.
>
Sorry, are you saying we should not revise error messages because
of usability??
If so, and if we decide the middle-threat also should be fixed,
it is necessary to distinguish functions trusted and untrusted,
even if a function is built-in.
Perhaps, pg_proc takes a new flag to represent it.
Thanks,
--
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2010-06-08 01:17:32 | Re: [PATCH] Fix leaky VIEWs for RLS |
| Previous Message | Greg Stark | 2010-06-08 01:02:48 | Re: [PATCH] Fix leaky VIEWs for RLS |