Tom Lane wrote: > Hannu Krosing <[EMAIL PROTECTED]> writes: > > It seems to be a broken view not security risk in 7.2.1 > > The implementation of temp tables has changed completely in CVS tip, > so experiments with 7.2 aren't very relevant. In CVS tip I believe > you *could* read the contents of someone else's temp table, assuming > you had permissions to read the view. However, you'd not be guaranteed > to get up-to-date information, since the guy who actually owns the temp > table would be using his local-buffer manager for access to it; there > might be many pages that you'd see stale information from because the > only up-to-date copy is in local memory of the owning backend. > > I see some potential for confusion here, but not really any > crash-the-database scenarios. I also do not see a security risk: > you did grant the other guy read permission on your view, after all.
Does every other user see the view name on his temp table? Can two people create a view on a temp table at the same time? It seems not: test=> create temp table x1(x int); CREATE TABLE test=> create view x2 as select * from x1; ERROR: Relation 'x2' already exist Seems this should work. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])