| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Joshua Brindle <method(at)manicmethod(dot)com> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Gregory Stark <stark(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Bernd Helmle <mailings(at)oopsware(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: 8.4 release planning |
| Date: | 2009-01-27 19:41:03 |
| Message-ID: | 1233085263.2327.2265.camel@ebony.2ndQuadrant |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 2009-01-27 at 13:57 -0500, Joshua Brindle wrote:
> Josh Berkus wrote:
> > Josh,
> >
> >> We do not consider that a short coming, anyone who needs to hide
> >> existence of files needs to set up their directory structure to
> >> disallow read/search/create on the directories they aren't allowed to
> >> discover filenames in. Polyinstanciation can also address this issue.
> >
> > Hmmm. Why try to hide individual rows in tables then? That would seem
> > not in keeping with the filesystem policies.
> >
>
> Because rows have data in them. It is analogous to not allowing the contents of
> the file to be visible. However, the primary key is still known to exist through
> various means, which is more analogous to the filename.
Since most keys are likely to be non-meaningful IDs, its not going to
help you much.
And besides, all you have to do is reserve key ranges for different
security levels so there would never be any overlap.
So its not really even a difficult problem to get around.
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2009-01-27 19:41:11 | Re: Commitfest infrastructure (was Re: 8.4 release planning) |
| Previous Message | Robert Haas | 2009-01-27 19:39:34 | Re: 8.4 release planning (was Re: [COMMITTERS] pgsql: Automatic view update rules) |