Re: [HACKERS] A question about ExplainOnePlan()
"Gurjeet Singh" <[EMAIL PROTECTED]> writes: > On 12/13/06, Tom Lane <[EMAIL PROTECTED]> wrote: >> No; at least not unless you want to duplicate the permission-checking >> machinery inside ExecutorStart. > I had seen the ExecCheckRTPerms() call inside InitPlan(), but didn't know > that we considered even the EXPLAIN output to be so sensitive. It's the same reason why pg_statistic isn't publicly readable. The standard example is that the min and max of an employee.salary column are probably things that would be embarrassing to expose to everyone in the company ... regards, tom lane ---(end of broadcast)--- TIP 7: You can help support the PostgreSQL project by donating at http://www.postgresql.org/about/donate
Re: [HACKERS] A question about ExplainOnePlan()
On 12/13/06, Tom Lane <[EMAIL PROTECTED]> wrote: "Gurjeet Singh" <[EMAIL PROTECTED]> writes: > Can we avoid calls to Executor{Start|End}() here, or is it necessary to > call them even for non-ANALYZE case? No; at least not unless you want to duplicate the permission-checking machinery inside ExecutorStart. I had seen the ExecCheckRTPerms() call inside InitPlan(), but didn't know that we considered even the EXPLAIN output to be so sensitive. Otherwise EXPLAIN could be used to obtain information about tables you're not supposed to be able to read (for instance, the estimated number of rows matching a WHERE condition could be sensitive information). Also, you'd have to uglify explain.c quite a lot to be able to handle the case of traversing a plan tree without a matching planstate tree. Thanks. -- [EMAIL PROTECTED] [EMAIL PROTECTED] gmail | hotmail | yahoo }.com
Re: [HACKERS] A question about ExplainOnePlan()
"Gurjeet Singh" <[EMAIL PROTECTED]> writes: > In ExplainOnePlan(), we are calling ExecutorStart() and ExecutorEnd() > even if we are not doing EXPLAIN ANALYZE. Whereas, ExecutorRun() is called > only if we are ANALYZEing. > Can we avoid calls to Executor{Start|End}() here, or is it necessary to > call them even for non-ANALYZE case? No; at least not unless you want to duplicate the permission-checking machinery inside ExecutorStart. Otherwise EXPLAIN could be used to obtain information about tables you're not supposed to be able to read (for instance, the estimated number of rows matching a WHERE condition could be sensitive information). Also, you'd have to uglify explain.c quite a lot to be able to handle the case of traversing a plan tree without a matching planstate tree. regards, tom lane ---(end of broadcast)--- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly