| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Gregory Stark <stark(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Simon Riggs <simon(at)2ndQuadrant(dot)com>, Joshua Brindle <method(at)manicmethod(dot)com>, Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Bernd Helmle <mailings(at)oopsware(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: 8.4 release planning |
| Date: | 2009-01-27 18:39:37 |
| Message-ID: | 497F54E9.9070507@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost wrote:
> * Gregory Stark (stark(at)enterprisedb(dot)com) wrote:
>> It does seem weird to simply omit records rather than throw an error and
>> require the user to use a where clause, even if it's something like WHERE
>> pg_accessible(tab).
The idea is for the level of informations security we're talking about,
someone with limited permissions not only isn't allowed to know certain
data, they're not allowed to know certain data *exists*. Within the
SELinux framework, this is accomplished by hiding files you don't have
permission to see, not merely denying access to them.
The presumption is that if you know the data exists but can't access it
directly, you'll use indirect methods to derive what it is. But if you
don't even know it exists, then you won't look for it.
There's a level above that which I don't think SEPostgres implements,
which is data substitution, in which you see different data according to
what security level you are. While this may seem insane for a business
application, for military-support applications it makes some sense.
--Josh
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zdenek Kotala | 2009-01-27 18:39:56 | Re: pg_upgrade project status |
| Previous Message | Andrew Sullivan | 2009-01-27 18:15:34 | Re: 8.4 release planning |