On 26 October 2016 at 10:58, Tom Lane <t...@sss.pgh.pa.us> wrote: > The alternative I'm now thinking about pursuing is to get rid of the > conversion of RLS quals to subqueries. Instead, we can label individual > qual clauses with security precedence markings. Concretely, suppose we > add an "int security_level" field to struct RestrictInfo. The semantics > of this would be that a qual with a lower security_level value must be > evaluated before a qual with a higher security_level value, unless the > latter qual is leakproof. (It would likely also behoove us to add a > "leakproof" bool field to struct RestrictInfo, to avoid duplicate > leakproof-ness checks on quals. But that's just an optimization.)
I wonder if there will be a need for more security_levels in the future, otherwise perhaps a more generic field can be added, like "int evaulation_flags". In [1], there's still things to work out with it, but I mentioned that I'd like to improve equivalence classes to handle more than just simple equality, which seems to require "optional" RestrictInfos. It would be nice if we could store all this in one field as a set of bits. [1] https://www.postgresql.org/message-id/cakjs1f9fpdlkm6%3dsuzagwuch3otbspk6k0yt8-a1hgjfapl...@mail.gmail.com -- David Rowley http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
