]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f90dd28) | patch
Add a security_barrier option for views.
authorRobert Haas <rhaas@postgresql.org>
Thu, 22 Dec 2011 21:15:57 +0000 (16:15 -0500)
committerRobert Haas <rhaas@postgresql.org>
Thu, 22 Dec 2011 21:16:31 +0000 (16:16 -0500)
commit0e4611c0234d89e288a53351f775c59522baed7c
tree942b0bf5b61f1b5150c58b96fd4ce46880c6cfdatree | snapshot
parentf90dd28062db2128a340fbe02f55829f15ab5561commit | diff
Add a security_barrier option for views.

When a view is marked as a security barrier, it will not be pulled up
into the containing query, and no quals will be pushed down into it,
so that no function or operator chosen by the user can be applied to
rows not exposed by the view.  Views not configured with this
option cannot provide robust row-level security, but will perform far
better.

Patch by KaiGai Kohei; original problem report by Heikki Linnakangas
(in October 2009!).  Review (in earlier versions) by Noah Misch and
others.  Design advice by Tom Lane and myself.  Further review and
cleanup by me.
22 files changed:
doc/src/sgml/ref/alter_view.sgml diff | blob | history
doc/src/sgml/ref/create_view.sgml diff | blob | history
doc/src/sgml/rules.sgml diff | blob | history
src/backend/access/common/reloptions.c diff | blob | history
src/backend/commands/tablecmds.c diff | blob | history
src/backend/commands/view.c diff | blob | history
src/backend/nodes/copyfuncs.c diff | blob | history
src/backend/nodes/equalfuncs.c diff | blob | history
src/backend/nodes/outfuncs.c diff | blob | history
src/backend/nodes/readfuncs.c diff | blob | history
src/backend/optimizer/path/allpaths.c diff | blob | history
src/backend/optimizer/prep/prepjointree.c diff | blob | history
src/backend/parser/gram.y diff | blob | history
src/backend/rewrite/rewriteHandler.c diff | blob | history
src/backend/utils/adt/selfuncs.c diff | blob | history
src/backend/utils/cache/relcache.c diff | blob | history
src/bin/pg_dump/pg_dump.c diff | blob | history
src/include/access/reloptions.h diff | blob | history
src/include/nodes/parsenodes.h diff | blob | history
src/include/utils/rel.h diff | blob | history
src/test/regress/expected/create_view.out diff | blob | history
src/test/regress/sql/create_view.sql diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.