Re: Adding support for SE-Linux security

From: Greg Smith <greg(at)2ndquadrant(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-11 04:54:17
Message-ID: 4B21D079.30400@2ndquadrant.com
Lists: pgsql-hackers

Tom Lane wrote:
> It's been perfectly clear since day one, and was reiterated as recently
> as today
> http://archives.postgresql.org/message-id/4B21757E.7090806@2ndquadrant.com
> that what the security community wants is row-level security.

I think David Quigley's comments from earlier today summarize the
situation better than I did:

"For our purposes in DoD we need the MAC Framework and the row based
access controls. But if a good starting point is to just do the access
control over the database objects, then it will be useful for some
commercial cases and some limited military cases"

So it's not without value even in its current "Lite" form. But there's
clearly a whole lot more use-cases that would benefit from a version
with row filtering.

--
Greg Smith 2ndQuadrant Baltimore, MD
PostgreSQL Training, Services and Support
greg(at)2ndQuadrant(dot)com www.2ndQuadrant.com
