On Thu, 29 May 2025 at 15:44, Robert Haas <robertmh...@gmail.com> wrote: > But so far - apart from this feature - we > have managed to avoid making it categorically unsafe for the superuser > to run "SELECT * FROM table"
With CREATE RULE [0], a table owner can redefine what happens during e.g. SELECT * FROM table. This also includes outputting alternative data sources, or e.g. calling a user-defined SECURITY INVOKER function. PG18 still seems to have support for CREATE RULE, so virtual generated columns don't create a completely new security issue (blind SELECT * FROM user_defined_table was already insecure) but rather a new threat vector to this privilege escalation. Kind regards, Matthias van de Meent Neon (https://neon.tech) [0] https://www.postgresql.org/docs/18/sql-createrule.html
