On Sun, Feb 21, 2021 at 5:27 AM Andrew Lamb <al...@influxdata.com> wrote:

> For what it is worth, my experience with some SQL databases has been the
> opposite -- ordering can and does differ from statement to statement if the
> clause has a GROUP BY but no ORDER BY.
>

Is this a security issue? If the GROUP BY results aren't repeatable, then
the ordering must come from some state internal to the server. Could a
clever caller reverse-engineer that state to find out what's in the
server's RAM?

For instance, if a 12-row result's ordering cycles through 25 permutations
repeatedly, then Alice can memorize the pattern. With that information she
can detect, in a given amount of time, how many times Bob ran the same
query.

Adam

-- 
Adam Hooper
+1-514-882-9694
http://adamhooper.com
