From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, marc(at)bloodnok(dot)com, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [PATCH] Fix leaky VIEWs for RLS |
Date: | 2010-06-07 11:06:35 |
Message-ID: | 20100607110635.GB21875@tamriel.snowman.net |
Lists: | pgsql-hackers |

Heikki,

* Heikki Linnakangas (heikki(dot)linnakangas(at)enterprisedb(dot)com) wrote:

> The big difference is what information can be obtained, not how fast it
> can be obtained.

Actually, I disagree. Time required to acquire the data does matter.

> Imagine a table that holds username/passwords for users. Each user is
> allowed to see his own row, including password, but not anyone else's.
> EXPLAIN side-channel might give pretty accurate information of how many
> rows there are in the table, and via clever EXPLAIN+statistics probing
> you might be able to find out what the top-10 passwords are, for
> example. But if you wanted to know what your neighbor's password is, the
> side-channels would not help you much, but an error message would reveal
> it easily.

Using only built-ins, could you elaborate on how one could pick exactly
what row was revealed using an error case? That strikes me as
difficult, but perhaps I'm not thinking creatively enough.

Thanks,

Stephen