Martijn van Oosterhout <klep...@svana.org> writes: > One thing I keep missing in this discussion: the term "row-level > security" in the above senstence in not the important part. Right now > you can revoke SELECT permission on a table with a foreign key and it > will still prevent UPDATEs and DELETEs of the primary key, allowing > users to infer the existance of an invisible FK.
> This is the same "covert channel", so why is it a problem for > SE-Postgres and not for normal Postgres? The reason it's a problem for SE-Postgres is that the entire row-level security feature is advertised on the premise that it allows you to hide the existence of data; a claim not made by regular SQL. If the feature doesn't do what it's claimed to do then it's fair to ask why have it. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers