On Tue, Oct 5, 2010 at 10:56 AM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Personally I think this is a dead end that we shouldn't be wasting
> any more time on.

But you haven't proposed a reasonable alternative. As far as I can see, there are only two ways to go here.

Option #1: Remove all mention from the documentation of using views for security purposes. Don't allow views to have explicit permissions attached to them; they are merely shorthand for a SELECT, for which you either do or do not have privileges.

Option #2: Define a standard for what constitutes acceptable information leakage and what does not. Then write the code to try to meet that standard.

The status quo, whereby we advise people to secure their data by doing something that doesn't actually work, is, to use the non-technical term, dumb. We need to decide what we're going to do about it, not whether we're going to do anything about it.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company