On Mon, Feb 16, 2009 at 4:14 PM, Robert Haas <robertmh...@gmail.com> wrote: > > I'm not sure I understand what you mean by that. I expect that if I > deny a particular user access to SELECT from a particular table the > system will throw a permissions error if that user later enters > "SELECT * FROM <table-name>". I don't expect that the system will > foresee every possible alternative way that a user might able to infer > something about the contents of that table and block it. I similarly > expect that if I install SE-PostgreSQL and configure it to filter out > certain rows from accesses to certain tables, those rows will in fact > be filtered. I still don't expect it to foresee every possible > alternative way that a user might be able to infer something about the > contents of the data to which the user does not have direct access. > > Is this fundamentally a semantic issue? If there's an asymmetry here > in what is being claimed, I'm not seeing it.
Well the asymmetry is that in the former case the verb is "deny" and the latter it's "filter"... -- greg -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers