Open RogerTangos opened 8 years ago
@justinanderson notes that we don't want users to be able to deduce what security policies are based on the rewritten queries, though this might be useful for determining what other users' queries on the grantor's table would be rewritten as.
I think exposing underlying implementation details (re-written query) would be a bad idea -- it will expose new ways of SQL injection to invalidate the re-write (it's not hard to inject predicates to invalidate RLS condition).
-- anant
On Fri, Mar 25, 2016 at 12:00 PM, Albert Carter notifications@github.com wrote:
@justinanderson https://github.com/justinanderson notes that we don't want users to be able to deduce what security policies are based on the rewritten queries, though this might be useful for determining what other users' queries on the grantor's table would be rewritten as.
Let's redefine this issue as "users should have an API to create, look up, edit, and delete policies where they're the grantor".
Send datahub a query and have RLS reply with the query it was rewritten as.
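Added example, not part of the thread and not DataHub's rewriter: a regression check for an RLS rewriter, illustrating the concern raised above that a policy predicate appended as text can be invalidated by the user's own predicate, while a derived-table rewrite holds. The `notes` table, the function names and the sample rows are constructed, and the user's predicate is assumed to be an already-parsed single boolean expression.

```python
import sqlite3

# Constructed sample data: one shared table, rows owned by different users.
ROWS = [(1, "alice", "a1"), (2, "bob", "b1"), (3, "bob", "b2")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?, ?)", ROWS)
    return db

def rewrite_appended(user_where):
    # Fragile: policy appended as text. AND binds tighter than OR, so an OR
    # in the user's predicate leaves one branch outside the policy.
    return f"SELECT id FROM notes WHERE {user_where} AND owner = :grantee"

def rewrite_scoped(user_where):
    # Policy applied first in a derived table; the user's predicate can only
    # narrow the rows the policy already allowed.
    return ("SELECT id FROM (SELECT * FROM notes WHERE owner = :grantee) "
            f"AS notes WHERE ({user_where})")

def policy_violations(db, rewriter, user_where, grantee):
    """Return ids the rewritten query exposes that the policy does not allow."""
    allowed = {r[0] for r in db.execute(
        "SELECT id FROM notes WHERE owner = ?", (grantee,))}
    got = {r[0] for r in db.execute(rewriter(user_where), {"grantee": grantee})}
    return sorted(got - allowed)

if __name__ == "__main__":
    db = make_db()
    for pred in ("id > 0", "id > 1 OR id = 1"):
        for rw in (rewrite_appended, rewrite_scoped):
            print(pred, rw.__name__, policy_violations(db, rw, pred, "alice"))
```

Running the same check over a corpus of representative predicates gives a rewriter a test that fails whenever any rewritten query returns rows outside the grantee's policy.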