OK, got it. Thank you very much.
------------------------------------------------------------------
发件人:Tom Lane <t...@sss.pgh.pa.us>
发送时间:2022年10月18日(星期二) 00:27
收件人:qiumingcheng <qiumingch...@aliyun.com>
抄 送:Laurenz Albe <laurenz.a...@cybertec.at>; Julien Rouhaud
<rjuju...@gmail.com>; pgsql-general <pgsql-general@lists.postgresql.org>;
yuexingzhi <yuexing...@hotmail.com>
主 题:Re: 回复:回复:回复:回复:A question about leakproof
"qiumingcheng" <qiumingch...@aliyun.com> writes:
> Yes, It's capable of throwing an error(timestamp out of range) , but the
> message "timestamp out of range" is not sensitive information.
Really? Whether that's true at all is a matter of opinion. There's
also the prospect that somebody could determine the value of a
supposedly-unreadable timestamp by seeing how big an interval could
be added to it without overflow. Maybe that's infeasible because of
timestamp_pl_interval not being marked leakproof, but then we're
getting into precisely the sort of conditional-on-other-assumptions
reasoning that we don't want to indulge in.
> Only from this function(timestamp_gt_timestamptz), can it be marked as
> leakproof?
Project policy is that we will not mark a function as leakproof unless
it's evident from the text of the function that it can't throw errors.
I don't see a good argument for making a exception for this one.
regards, tom lane
