Re: [HACKERS] A question about ExplainOnePlan()

2006-12-13 Thread Tom Lane
"Gurjeet Singh" <[EMAIL PROTECTED]> writes:
> On 12/13/06, Tom Lane <[EMAIL PROTECTED]> wrote:
>> No; at least not unless you want to duplicate the permission-checking
>> machinery inside ExecutorStart.

> I had seen the ExecCheckRTPerms() call inside InitPlan(), but didn't know
> that we considered even the EXPLAIN output to be so sensitive.

It's the same reason why pg_statistic isn't publicly readable.  The
standard example is that the min and max of an employee.salary column
are probably things that would be embarrassing to expose to everyone
in the company ...

regards, tom lane


Re: [HACKERS] A question about ExplainOnePlan()

2006-12-13 Thread Gurjeet Singh

On 12/13/06, Tom Lane <[EMAIL PROTECTED]> wrote:
> "Gurjeet Singh" <[EMAIL PROTECTED]> writes:
> > Can we avoid calls to Executor{Start|End}() here, or is it necessary to
> > call them even for non-ANALYZE case?
>
> No; at least not unless you want to duplicate the permission-checking
> machinery inside ExecutorStart.

I had seen the ExecCheckRTPerms() call inside InitPlan(), but didn't know
that we considered even the EXPLAIN output to be so sensitive.

> Otherwise EXPLAIN could be used to
> obtain information about tables you're not supposed to be able to read
> (for instance, the estimated number of rows matching a WHERE condition
> could be sensitive information).
>
> Also, you'd have to uglify explain.c quite a lot to be able to handle
> the case of traversing a plan tree without a matching planstate tree.

Thanks.




Re: [HACKERS] A question about ExplainOnePlan()

2006-12-13 Thread Tom Lane
"Gurjeet Singh" <[EMAIL PROTECTED]> writes:
> In ExplainOnePlan(), we are calling ExecutorStart() and ExecutorEnd()
> even if we are not doing EXPLAIN ANALYZE. Whereas, ExecutorRun() is called
> only if we are ANALYZEing.

> Can we avoid calls to Executor{Start|End}() here, or is it necessary to
> call them even for non-ANALYZE case?

No; at least not unless you want to duplicate the permission-checking
machinery inside ExecutorStart.  Otherwise EXPLAIN could be used to
obtain information about tables you're not supposed to be able to read
(for instance, the estimated number of rows matching a WHERE condition
could be sensitive information).

Also, you'd have to uglify explain.c quite a lot to be able to handle
the case of traversing a plan tree without a matching planstate tree.

regards, tom lane
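
The permission check discussed in this thread, seen from the SQL side, as an added example that is not part of the original messages. The table, role and data are constructed; it assumes a superuser psql session on a scratch database, run outside a transaction block so the rejected statements do not abort the rest.

```sql
-- Constructed sample data: an employee table with a salary column.
CREATE TABLE employee (id int PRIMARY KEY, name text, salary numeric);
INSERT INTO employee
SELECT g, 'emp' || g, 30000 + (g * 37) % 90000
FROM generate_series(1, 10000) AS g;
ANALYZE employee;               -- populate pg_statistic for the table

-- Hypothetical role that has been granted nothing on employee.
CREATE ROLE intern NOLOGIN;
SET ROLE intern;

-- Plain EXPLAIN does not run the query, but it still goes through
-- ExecutorStart, so the permission check rejects it before any
-- row estimate for the WHERE condition is shown.
EXPLAIN SELECT * FROM employee WHERE salary > 100000;

-- The raw statistics catalog is not readable by ordinary roles either;
-- this is rejected with a permission error.
SELECT count(*) FROM pg_statistic;

-- The pg_stats view is readable, but it only shows columns the current
-- role may SELECT, so the salary histogram is not visible here.
SELECT attname, histogram_bounds
FROM pg_stats
WHERE tablename = 'employee';

-- After an explicit grant the same EXPLAIN is allowed and prints the
-- planner's rows= estimate for the salary predicate.
RESET ROLE;
GRANT SELECT ON employee TO intern;
SET ROLE intern;
EXPLAIN SELECT * FROM employee WHERE salary > 100000;

-- Clean up the constructed objects.
RESET ROLE;
DROP TABLE employee;
DROP ROLE intern;
```

Comparing the first and last EXPLAIN is a quick regression check when reviewing changes to explain.c or to privilege handling: the ungranted role should never see a plan.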
