Re: Reworks for Access Control facilities (r2363)

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Greg Stark <gsstark(at)mit(dot)edu>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, robertmhaas(at)gmail(dot)com, pgsql-hackers(at)postgresql(dot)org, kaigai(at)kaigai(dot)gr(dot)jp
Subject: Re: Reworks for Access Control facilities (r2363)
Date: 2009-10-16 17:33:05
Message-ID: 8579.1255714385@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Greg Stark <gsstark(at)mit(dot)edu> writes:
> The first step is to add hooks which don't change the security model
> at all, just allow people to control the existing checks from their SE
> configuration.

This is in fact what the presented patch is meant to do. The issue is
about whether the hook placement is sane/useful/extensible. The main
problem I've got with the design is that it doesn't appear to work for
privilege checks made by add-on modules.

regards, tom lane

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2009-10-16 17:34:44 Re: Rejecting weak passwords
Previous Message Tom Lane 2009-10-16 17:23:16 Re: Deprecation