| From: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Multivariate MCV stats can leak data to unprivileged users |
| Date: | 2019-05-18 09:11:58 |
| Message-ID: | CAEZATCX9yU2eKL7-dCWTv1pMMi1hb+PsZyM6gjBxupDnMuEzRw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 17 May 2019 at 21:29, Andres Freund <andres(at)anarazel(dot)de> wrote:
>
> On 2019-05-16 14:28:03 +0100, Dean Rasheed wrote:
> > 5). Some columns from pg_statistic_ext have to be made visible for
> > psql \d to work. Basically, it needs to be able to query for the
> > existence of extended statistics, but it doesn't need to see the
> > actual statistical data. Of course, we could change psql to use the
> > view, but this way gives us better backwards compatibility with older
> > clients.
> >
> > This is still going to break compatibility of any user code looking at
> > stxndistinct or stxdependencies from pg_statistic_ext, but at least it
> > doesn't break old versions of psql.
>
> Hm, it's not normally a goal to keep old psql working against new
> postgres versions. And there's plenty other issues preventing a v11 psql
> to work against 12. I'd not let this guide any design decisions.
>
Ah good point. In fact running "\d some_table" from v11's psql against
a v12 database immediately falls over because of the removal of
relhasoids from pg_class, so this isn't a valid reason for retaining
access to any columns from pg_statistic_ext.
Regards,
Dean
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2019-05-18 10:18:38 | Re: vacuumdb and new VACUUM options |
| Previous Message | Sergei Kornilov | 2019-05-18 08:17:46 | Re: describe working as intended? |