| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, "ktm(at)rice(dot)edu" <ktm(at)rice(dot)edu>, Alexander Korotkov <aekorotkov(at)gmail(dot)com>, Oleg Bartunov <obartunov(at)gmail(dot)com>, Greg Smith <greg(at)2ndquadrant(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [v9.4] row level security |
| Date: | 2013-09-03 00:08:45 |
| Message-ID: | 20130903000845.GA21874@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Sep 1, 2013 at 11:05:58AM -0700, Josh Berkus wrote:
> > Security community also concludes it is not avoidable nature as long
> > as human can observe system behavior and estimate something, thus,
> > security evaluation criteria does not require eliminate covert-channels
> > or does not pay attention about covert-channels for the products that
> > is installed on the environment with basic robustness (that means,
> > non-military, regular enterprise usage).
>
> To be completely blunt, the security community does not understand
> databases. At all. I'd think if anything had become clear through the
> course of work on SEPosgres, it would be that.
Agreed. The security community realizes these covert channels exist,
but doesn't really have any recommendations on how to avoid them. You
could argue that avoiding them is too tied to specific database
implementations, but there are general channels, like insert with a
unique key, that should at least have well-defined solutions.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Johnston | 2013-09-03 00:15:24 | Re: ENABLE/DISABLE CONSTRAINT NAME |
| Previous Message | Tom Lane | 2013-09-02 23:54:25 | Re: 9.3 RC1 psql encoding reporting inconsistently? |