Comments (4)
@ianschmitz By the way, it is no longer a documentation issue for this repo. I've just seen that about 20 days after you created this issue, the Readme file was updated to include information about how to set the security invoker:
Any TCE security label can be appended with the string
SECURITY INVOKER
which will cause the automatically generated view to be markedsecurity_invoker=true
.
from pgsodium.
hey @ianschmitz,
I know this issue is old, but it has been on my mind for a while because it was really surprising to me that this was the default behavior and there was no way to specify the security invoker.
As a workaround, I would typically patch the generated view like this:
ALTER VIEW public.decrypted_my_original_table SET (security_invoker = on);
Of course, that was far from ideal.
Today, I found this PR, and I was wondering whether setting SECURITY INVOKER at the time of applying the security label would generate a decrypted_my_original_table
view with the security invoker on.
And according to my tests, it does indeed.
Note: I tested it using DBeaver's DDL generation over the view, as other tools such as Supabase Admin Studio never show the security invoker part in a view DDL, regardless of whether it has it or not.
from pgsodium.
@fabricior interesting. Are you thinking this is more of a documentation issue? For context i'm coming from pgsodium usage within Supabase.
from pgsodium.
@fabricior interesting. Are you thinking this is more of a documentation issue? For context i'm coming from pgsodium usage within Supabase.
@ianschmitz yes, same here. I read about all this in a supabase blog post IIRC. I was thinking of creating an issue/pr if it is not fixed already
from pgsodium.
Related Issues (20)
- Error creating security label using Postgres 14/15 and pgsodium 3.1.5 HOT 2
- setting security label in two different tables fails HOT 5
- Incoherency between fields `pgsodium.key.status` and `pgsodium.key.expires`
- Grant `REFERENCES` on `pgsodium.key` to pgsodium_keyiduser?
- Updated value in secret column does not get encrypted HOT 5
- Running into `fatal error: 'sodium.h' file not found` error during installation HOT 4
- Failing pgtap Tests
- How to manage pgsodium_root.key in primary-secondary cluster
- jsonb type support HOT 1
- Help section needed - Backup/Restore of database
- ERROR: pgsodium_derive_helper: pgsodium_derive: no server secret key defined HOT 1
- Doesn't work well with on conflict Json
- Which version supports on debian 10
- Homomorphic encryption
- Does this not support custom domains? HOT 1
- Error .. security label
- TCE not using specified key to encrypt on update
- Dockerfile needs updation. Image isnt getting generated for postgresql 16.3
- `get_key_by_name` should be marked as stable
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pgsodium.