From: | Chapman Flack <chap(at)anastigmatix(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: pie-in-sky idea: 'sensitive' function parameters |
Date: | 2020-05-29 19:36:36 |
Message-ID: | 5ED16444.1060501@anastigmatix.net |
Lists: | pgsql-hackers |

On 05/29/20 15:26, Tom Lane wrote:

> all of the simpler cases I can think of: aside from the ALTER USER
> PASSWORD case, there's INSERT INTO accounts(..., creditcardnumber,
> ...) VALUES(..., $n, ...). Neither one of those have a nearby UDF
> to control it with.

I was thinking incrementally ... something about UDFs only might
be quickish to do as a PoC. And is already useful, because if exposure
of a particular thing bothers you enough, you can make a UDF or P to
control it with.

But ultimately, if ALTER USER PASSWORD has sensitivity of
its parameter hardcoded in, and CREATE TABLE ACCOUNTS can declare
creditcardnumber SENSITIVE, then maybe those bits go out to the client
in the parameter Describe message, and come back in the Bind message,
without the user even necessarily thinking about it.

Regards,
-Chap