On Mon, 2022-10-17 at 16:24 +0800, qiumingcheng wrote:
> > "you seem to be imagining that changes in a query's plan on the basis of changes
> > in collected statistics have something to do with this. They do not."
>
> 1. My understanding of the above paragraph is that for the same view and different users,
> the proleakproof=false attribute of the function will not lead to inconsistent plans,
> but my actual test result is that proleakproof=false will lead to inconsistent plans.
The above says "on the basis of changes in collected statistics". The different execution
you see is not because the statistics are different, but because the permissions of the
users are different.
> 2. What's the reason about the function timestamp_gt_timestampz may cause data leakage?
> Can you explain how it causes data leakage?
I don't know the reason in this case. You could look at the source code, perhaps it is
possible to cause error messages that can give you some clue as to the value that you
compare with. But perhaps, as Tome said, it is just that nobody scrutinized the function
hard enough to exclude that something like that can happen.
Yours,
Laurenz Albe