Quick Links

Re: [PATCH] Fix leaky VIEWs for RLS

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc:	Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, marc(at)bloodnok(dot)com, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: [PATCH] Fix leaky VIEWs for RLS
Date:	2010-06-08 00:46:38
Message-ID:	24663.1275957998@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
> In this case, is it unnecessary to expose the given argument in
> the error message (from security perspective), isn't it?

Yes, if all you care about is security and not usability, that looks
like a great solution. We're *not* doing it.

regards, tom lane

In response to

Re: [PATCH] Fix leaky VIEWs for RLS at 2010-06-08 00:10:30 from KaiGai Kohei

Responses

Re: [PATCH] Fix leaky VIEWs for RLS at 2010-06-08 01:02:48 from Greg Stark
Re: [PATCH] Fix leaky VIEWs for RLS at 2010-06-08 01:09:53 from KaiGai Kohei

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Hitoshi Harada	2010-06-08 00:59:41	Re: Functional dependencies and GROUP BY
Previous Message	KaiGai Kohei	2010-06-08 00:46:27	Re: [PATCH] Fix leaky VIEWs for RLS