| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Joshua Brindle <method(at)manicmethod(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, Gregory Stark <stark(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Simon Riggs <simon(at)2ndQuadrant(dot)com>, Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Bernd Helmle <mailings(at)oopsware(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: 8.4 release planning |
| Date: | 2009-01-27 19:32:11 |
| Message-ID: | 20090127193211.GP8123@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> This seems to me to be exactly parallel to deciding that SELinux should
> control only table/column permissions within SQL; an approach that would
> be enormously less controversial, less expensive, and more reliable than
> what SEPostgres tries to do.
While also ignoring a feature that is available, and used by these same
security communities, in other enterprise RDBMSs...
http://www.securityfocus.com/infocus/1743
http://www.microsoft.com/technet/prodtechnol/sql/2005/multisec.mspx
It's not codified in the SQL spec (yet..) that I saw, and maybe we could
seperate out the SE bits from the row-level bits, but I'm really not
sure I see the value in doing that..
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ron Mayer | 2009-01-27 19:33:10 | Re: 8.4 release planning |
| Previous Message | Tom Lane | 2009-01-27 19:31:26 | Re: pg_upgrade project status |