From a security perspective, are the following policy implementations equivalent?
Implicit:
CREATE POLICY test_access_policy ON test
TO PUBLIC
USING (id = (current_setting('rls.id'::TEXT)))
WITH CHECK (TRUE);
Explicit:
CREATE POLICY test_insert_policy ON test
FOR INSERT TO PUBLIC
WITH CHECK (TRUE);
CREATE POLICY test_select_policy ON test
FOR SELECT TO PUBLIC
USING (id = (current_setting('rls.id'::TEXT)));
CREATE POLICY test_update_policy ON test
FOR UPDATE TO PUBLIC
USING (id = (current_setting('rls.id'::TEXT)));
CREATE POLICY test_delete_policy ON test
FOR DELETE TO PUBLIC
USING (id = (current_setting('rls.id'::TEXT)));
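My concern is the update policy, as stated in the documentation:
Any rows whose updated values do not pass the WITH CHECK expression will cause an error, and the entire command will be aborted. If only a USING clause is specified, then that clause will be used for both USING and WITH CHECK cases.
As I understand it, the equivalent update policy for the implicit version (the one-liner) is as follows: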
CREATE POLICY test_update_policy ON test
FOR UPDATE TO PUBLIC
USING (id = (current_setting('rls.id'::TEXT))) WITH CHECK (TRUE);
While for the explicit version it is:
CREATE POLICY test_update_policy ON test
FOR UPDATE TO PUBLIC
USING (id = (current_setting('rls.id'::TEXT))) WITH CHECK (id =
(current_setting('rls.id'::TEXT)));
After testing both cases, I did not find any security breach. Am I missing something?
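
Added example (not part of the original post): a psql script that runs the same id-changing UPDATE, with and without a WHERE clause, under each of the two policy sets so the outcomes can be compared side by side. The column type, the role `rls_tester`, the helper `try_stmt` and the sample rows are assumptions; it is meant to be run as a superuser in a scratch database and rolls everything back.

```sql
-- Added test harness: column type, role, helper and rows are constructed.
BEGIN;
CREATE TABLE test (id text, note text);
INSERT INTO test VALUES ('a', 'row a'), ('b', 'row b');
ALTER TABLE test ENABLE ROW LEVEL SECURITY;
CREATE ROLE rls_tester;  -- hypothetical non-owner role (the owner bypasses RLS)
GRANT SELECT, INSERT, UPDATE, DELETE ON test TO rls_tester;

-- Hypothetical helper: run one statement, report the outcome, always undo it.
CREATE FUNCTION try_stmt(stmt text) RETURNS text LANGUAGE plpgsql AS $$
DECLARE n bigint;
BEGIN
  EXECUTE stmt;
  GET DIAGNOSTICS n = ROW_COUNT;
  RAISE EXCEPTION 'undo' USING ERRCODE = 'ZZ001';  -- force a rollback of stmt
EXCEPTION
  WHEN insufficient_privilege THEN RETURN 'rejected: ' || SQLERRM;
  WHEN SQLSTATE 'ZZ001' THEN RETURN format('accepted, %s row(s)', n);
END $$;

-- Variant 1: the single policy from the question.
CREATE POLICY test_access_policy ON test TO PUBLIC
  USING (id = current_setting('rls.id')) WITH CHECK (TRUE);

SET LOCAL rls.id = 'a';
SET ROLE rls_tester;
-- The WHERE clause reads a column, so this needs SELECT rights as well as UPDATE.
SELECT try_stmt($q$UPDATE test SET id = 'c' WHERE id = 'a'$q$) AS v1_with_where;
-- This statement reads no column of the table; it needs UPDATE rights only.
SELECT try_stmt($q$UPDATE test SET id = 'c'$q$) AS v1_without_where;
RESET ROLE;

-- Variant 2: the per-command policies from the question.
DROP POLICY test_access_policy ON test;
CREATE POLICY test_insert_policy ON test FOR INSERT TO PUBLIC WITH CHECK (TRUE);
CREATE POLICY test_select_policy ON test FOR SELECT TO PUBLIC
  USING (id = current_setting('rls.id'));
CREATE POLICY test_update_policy ON test FOR UPDATE TO PUBLIC
  USING (id = current_setting('rls.id'));
CREATE POLICY test_delete_policy ON test FOR DELETE TO PUBLIC
  USING (id = current_setting('rls.id'));

SET ROLE rls_tester;
SELECT try_stmt($q$UPDATE test SET id = 'c' WHERE id = 'a'$q$) AS v2_with_where;
SELECT try_stmt($q$UPDATE test SET id = 'c'$q$) AS v2_without_where;
RESET ROLE;
ROLLBACK;  -- nothing above is kept
```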