| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Олег Самойлов <splarv(at)ya(dot)ru> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Incorrect description of the WITH CHECK in the row security can lead to the security issue |
| Date: | 2018-07-30 15:58:11 |
| Message-ID: | 7182.1532966291@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
=?utf-8?B?0J7Qu9C10LMg0KHQsNC80L7QudC70L7Qsg==?= <splarv(at)ya(dot)ru> writes:
> PostgreSQL 10 (in 11 the same
> https://www.postgresql.org/docs/10/static/ddl-rowsecurity.html
> cite
> To use a different policy for rows that are being added to the table
> compared to those rows that are visible, the WITH CHECK clause can be used.
> This policy would allow all users to view all rows in the users table, but
> only modify their own:
> CREATE POLICY user_policy ON users
> USING (true)
> WITH CHECK (user_name = current_user);
> end cite
> This is is wrong description. Every one can steal other row with such
> policy.
Yup, you're right, this is too simple.
> The right statement to not allow modify rows by other user will be
> CREATE POLICY user_policy ON users
> USING (user_name = current_user)
> WITH CHECK (user_name = current_user);
Well, that also hides the other users' rows, which is not what the
example claims to do. To make it work as documented, we need something
like
CREATE POLICY user_sel_policy ON users
FOR SELECT
USING (true);
CREATE POLICY user_mod_policy ON users
USING (user_name = current_user);
I've pushed a patch along that line. Thanks for the report!
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rob Sargent | 2018-07-30 16:57:46 | alter table docs |
| Previous Message | Didier Wiroth | 2018-07-30 15:32:10 | jndi jdbc url with ssl authenticat in tomcat ... fails org.xml.sax.SAXParseException columnNumber: 79; The reference to entity "ssl" must end with the ';' delimiter |