On Wed, Jul 31, 2024 at 2:43 PM Joe Conway <m...@joeconway.com> wrote:
> I still maintain that there is a whole host of users that would accept
> the risk of side channel attacks via existence of an error or not, if
> they could only be sure nothing sensitive leaks directly into the logs
> or to the clients. We should give them that choice.

I'm not sure what design you have in mind. A lot of possible designs
seem to end up like this:

1. You can't directly select the invisible value.

2. But you can write a plpgsql procedure that tries a bunch of things
in a loop and catches errors and uses which things error and which
things don't to figure out and return the invisible value.

And I would argue that's not really that useful. Especially if that
plpgsql procedure can extract the hidden values in like 1ms/row.

--
Robert Haas
EDB: http://www.enterprisedb.com