| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Pierre Ducroquet <p(dot)psql(at)pinaraf(dot)info>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Row Level Security − leakproof-ness and performance implications |
| Date: | 2019-02-28 16:50:05 |
| Message-ID: | CA+TgmobXRw3Goxs73QwnS-5qEquU6dSnBBL7bJp2b9WnBNs=4A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Feb 28, 2019 at 11:44 AM Joe Conway <mail(at)joeconway(dot)com> wrote:
> No, and Tom stated as much too, but life is all about tradeoffs. Some
> people will find this an acceptable compromise. For those that don't
> they don't have to use it. IMHO we tend toward too much nannyism too often.
Well, I agree with that, too.
Hmm. I don't think there's anything preventing you from implementing
this in "userspace," is there? A logging hook could suppress all
error message text, and you could just mark all functions leakproof
after that, and you'd have this exact behavior in an existing release
with no core code changes, I think.
If you do that, or just stick this patch into your own distro, I would
be interested to hear some experiences from customers (and those who
support them) after some time had gone by. I find it hard to imagine
delivering customer support in an environment configured this way, but
sometimes my imagination is limited.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2019-02-28 17:05:25 | Re: Row Level Security − leakproof-ness and performance implications |
| Previous Message | Joe Conway | 2019-02-28 16:44:55 | Re: Row Level Security − leakproof-ness and performance implications |