Hi,

While checking the GSoC query cache project specification, I noticed that there's a possible security issue with it. Currently the query cache key is md5(query_string+database_name). Suppose user A has a table "my_secret_table" whose result is only accessible by A. A issues the following query and the result is cached.

    SELECT * FROM my_secret_table;

Afterward user B issues the same query and the query cache system happily returns the result of the query. So user B can access table A which he has no right to access.

To solve the problem we can check the system catalog, but this is not cheap. My proposal is using key md5(username+query_string+database_name) as cache key. One drawback is even if a table is accessible by user A and B, they cannot share the query cache.

Comments?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
_______________________________________________
Pgpool-hackers mailing list
http://pgfoundry.org/mailman/listinfo/pgpool-hackers
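The two key schemes from the message, run against a toy cache, as an added example that is not part of the original post and not pgpool code. The `Backend` and `QueryCache` classes, the database name `testdb`, and a third user C who also holds the privilege are assumptions made for illustration.

```python
import hashlib

def key_shared(username, query, database):
    # Current scheme in the message: md5(query_string + database_name); username is ignored.
    return hashlib.md5((query + database).encode()).hexdigest()

def key_per_user(username, query, database):
    # Proposed scheme: md5(username + query_string + database_name).
    return hashlib.md5((username + query + database).encode()).hexdigest()

class Backend:
    """Hypothetical stand-in for the database: enforces privileges, counts queries it runs."""
    def __init__(self, allowed):
        self.allowed = allowed
        self.calls = 0

    def run(self, username, query, database):
        self.calls += 1
        if username not in self.allowed:
            raise PermissionError("permission denied for my_secret_table")
        return [("secret-row",)]  # constructed sample row

class QueryCache:
    """Hypothetical cache layer: a hit is returned without consulting the backend."""
    def __init__(self, key_fn, backend):
        self.key_fn, self.backend, self.store = key_fn, backend, {}

    def execute(self, username, query, database):
        key = self.key_fn(username, query, database)
        if key not in self.store:
            # Only a miss reaches the backend, so only a miss is privilege-checked.
            self.store[key] = self.backend.run(username, query, database)
        return self.store[key]

def replay(key_fn):
    """A warms the cache, then B (no privilege) and C (privileged) repeat the query."""
    backend = Backend(allowed={"A", "C"})
    cache = QueryCache(key_fn, backend)
    query, database = "SELECT * FROM my_secret_table;", "testdb"
    cache.execute("A", query, database)
    try:
        b_result = cache.execute("B", query, database)
    except PermissionError:
        b_result = "denied"
    cache.execute("C", query, database)
    return b_result, backend.calls

if __name__ == "__main__":
    print("shared key  :", replay(key_shared))
    print("per-user key:", replay(key_per_user))
```

With the shared key, B receives A's cached rows after a single backend query; with the per-user key, B is denied, and the backend runs three times because C cannot reuse A's entry, which is the drawback the message names.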
