| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Gregory Stark <stark(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Joshua Brindle <method(at)manicmethod(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Bernd Helmle <mailings(at)oopsware(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: 8.4 release planning |
| Date: | 2009-01-27 20:03:00 |
| Message-ID: | 22052.1233086580@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> writes:
> It seems to me that there are two different standards to which this feature
> might be held.
> Is the goal
> a) SEPostgres can provide useful rules to add security to some
> specific applications so long as you're careful to avoid crafting
> policies that produce bizarre behaviors (like avoiding restricing
> access to foreign key data you might need). On the other hand it
> gives you enough rope to hang yourself and produce weird results
> that don't make sense from a SQL standard point of view if you
> aren't careful matching the SEPostgres rules with your apps.
> or
> b) SEPostgreSQL should only give enough rope that you can not
> craft rules that produce unexpected behavior from a SQL point
> of view; and that it would be bad if one can produce SEPostgres
> policies that produce unexpected SQL behavior.
With my other hat on (the red one) what I'm concerned about is whether
this patch will ever produce a feature that I could turn on in the
standard Red Hat/Fedora build of Postgres. Right at the moment it seems
that the potential performance hit, for users who are *not using*
SEPostgres but merely have to use a build in which it is present,
might be bad enough to guarantee that that will never happen.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2009-01-27 20:03:25 | Re: pg_upgrade project status |
| Previous Message | Joshua Brindle | 2009-01-27 20:00:39 | Re: 8.4 release planning |