Re: Multivariate MCV stats can leak data to unprivileged users
От | Tomas Vondra |
---|---|
Тема | Re: Multivariate MCV stats can leak data to unprivileged users |
Дата | |
Msg-id | 20190518190042.2y33h4toxk4fxv5t@development обсуждение исходный текст |
Ответ на | Re: Multivariate MCV stats can leak data to unprivileged users (Andres Freund <andres@anarazel.de>) |
Ответы |
Re: Multivariate MCV stats can leak data to unprivileged users
|
Список | pgsql-hackers |
On Sat, May 18, 2019 at 11:49:06AM -0700, Andres Freund wrote: >Hi, > >On May 18, 2019 8:43:29 AM PDT, Dean Rasheed <dean.a.rasheed@gmail.com> wrote: >>On Sat, 18 May 2019 at 16:13, Tom Lane <tgl@sss.pgh.pa.us> wrote: >>> >>> Dean Rasheed <dean.a.rasheed@gmail.com> writes: >>> > On the other hand, pg_dump relies on pg_statistic_ext to work out >>> > which extended statistics objects to dump. If we were to change >>that >>> > to use pg_stats_ext, then a user dumping a table with RLS using the >>> > --enable-row-security flag wouldn't get any extended statistics >>> > objects, which would be a somewhat surprising result. >>> >>> It seems like what we need here is to have a separation between the >>> *definition* of a stats object (which is what pg_dump needs access >>> to) and the current actual *data* in it. I'd have expected that >>> keeping those in separate catalogs would be the thing to do, though >>> perhaps it's too late for that. >>> >> >>Yeah, with the benefit of hindsight, that would have made sense, but >>that seems like a pretty big change to be attempting at this stage. > >Otoh, having a suboptimal catalog representation that we'll likely have >to change in one of the next releases also isn't great. Seems likely >that we'll need post beta1 catversion bumps anyway? > But that's not an issue intruduced by PG12, it works like that even for the extended statistics introduced in PG10. regards -- Tomas Vondra http://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: