diff options
| author | Robert Haas <rhaas@postgresql.org> | 2011-12-22 16:15:57 -0500 |
|---|---|---|
| committer | Robert Haas <rhaas@postgresql.org> | 2011-12-22 16:16:31 -0500 |
| commit | 0e4611c0234d89e288a53351f775c59522baed7c (patch) | |
| tree | 942b0bf5b61f1b5150c58b96fd4ce46880c6cfda /src/backend/optimizer/prep/prepjointree.c | |
| parent | f90dd28062db2128a340fbe02f55829f15ab5561 (diff) | |
Add a security_barrier option for views.
When a view is marked as a security barrier, it will not be pulled up
into the containing query, and no quals will be pushed down into it,
so that no function or operator chosen by the user can be applied to
rows not exposed by the view. Views not configured with this
option cannot provide robust row-level security, but will perform far
better.
Patch by KaiGai Kohei; original problem report by Heikki Linnakangas
(in October 2009!). Review (in earlier versions) by Noah Misch and
others. Design advice by Tom Lane and myself. Further review and
cleanup by me.
Diffstat (limited to 'src/backend/optimizer/prep/prepjointree.c')
| -rw-r--r-- | src/backend/optimizer/prep/prepjointree.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/backend/optimizer/prep/prepjointree.c b/src/backend/optimizer/prep/prepjointree.c index 8bb011b7116..a711c4f646b 100644 --- a/src/backend/optimizer/prep/prepjointree.c +++ b/src/backend/optimizer/prep/prepjointree.c @@ -543,6 +543,7 @@ pull_up_subqueries(PlannerInfo *root, Node *jtnode, */ if (rte->rtekind == RTE_SUBQUERY && is_simple_subquery(rte->subquery) && + !rte->security_barrier && (containing_appendrel == NULL || is_safe_append_member(rte->subquery))) return pull_up_simple_subquery(root, jtnode, rte, @@ -712,6 +713,7 @@ pull_up_simple_subquery(PlannerInfo *root, Node *jtnode, RangeTblEntry *rte, * pull_up_subqueries. */ if (is_simple_subquery(subquery) && + !rte->security_barrier && (containing_appendrel == NULL || is_safe_append_member(subquery))) { /* good to go */ |