Hi All,
Is this the correct place to submit a bug report or should I do it somewhere else?
BUG DETAILS:
PG version 7.4.2 Platform: Linux
BUG DESC:
Using aliases in the "select" part of a select clause isn't strongly checked against the alias definitions in the FROM part of the SQL. Specifically, if the alias in the "select" clause matches another table name (not in the FROM list), then the select is applied against that other table whereas the correct action would be to chuck and error.
EXAMPLE:
One table: acct_dets One view: acct_dets_view created as select * from acct_dets_table where XXXX
Select acct_dets.aaa, acct_dets.bbb from acct_dets_view;
The above select is accepted and processed when it SHOULD throw an error.
This was discovered using JBuilderX and JBDC when a baseline table was moved into a view to add security constraints to the dataset. It is a feature of JB that is always pre-pends the table name as an alias in the select clause, so the name change to the _view part changed in the FROM clause but (my error) I forgot to change the select columns in one of the queries. The result was that the view was bypassed.
Thanks,
Brad
---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings
