On 07.10.2010 06:39, Robert Haas wrote:
On Tue, Oct 5, 2010 at 3:42 PM, Tom Lane<t...@sss.pgh.pa.us> wrote:
Right, *column* filtering seems easy and entirely secure. The angst
here is about row filtering. Can we have a view in which users can see
the values of a column for some rows, with perfect security that they
can't identify values for the hidden rows? The stronger form is that
they shouldn't even be able to tell that hidden rows exist, which is
something your view doesn't try to do; but there are at least some
applications where that would be desirable.
I took a crack at documenting the current behavior; see attached.
Looks good. It gives the impression that you need to be able to a create
custom function to exploit, though. It would be good to mention that
internal functions can be used too, revoking access to CREATE FUNCTION
does not make you safe.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
