From: | Zhaomo Yang <zmpgzm(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: CREATE POLICY and RETURNING |
Date: | 2015-09-23 17:53:11 |
Message-ID: | CALPr3owXZOVwZQqKQKZ_Gd7sPZAeZkKOA5DDP=zZ+FhQ651gTw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Stephen,
> Just a side-note, but your mail client doesn't seem to get the quoting
> quite right sometimes, which can be confusing. Not sure if there's
> anything you can do about it but wanted to let you know in case there
> is.
Sorry about this. From now on I'll use the plain text mode for msgs I
send to the mailing list.
Please let me know if this happens also in this email.
> Regarding this, specifically, we'd need to first decide on what the
> syntax/grammar should be.
I'll think about it. Also, thanks for the pointers.
> Right, and we adressed the concerns with RETURNING. Regarding the
> non-RETURNING case, The same concerns about blind updates and deletes
> already exist with the GRANT permission system; it's not anything new.
I think they are different. In the current GRANT permission system,
one can do blind updates but he
cannot refer to any existing values in either the expressions or the
condition if he doesn't have
SELECT privilege on the table (or the columns), thus the tricks like
divide-by-zero cannot be used and a malicious
user cannot get information out of blind updates.
Thanks,
Zhaomo
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2015-09-23 18:03:05 | Re: Rework the way multixact truncations work |
Previous Message | Tom Lane | 2015-09-23 16:45:14 | Re: TEXT vs VARCHAR join qual push down diffrence, bug or expected? |