| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org, Greg Williamson <gwilliamson39(at)yahoo(dot)com>, Sam Mason <sam(at)samason(dot)me(dot)uk>, Joshua Brindle <method(at)manicmethod(dot)com> |
| Subject: | Re: SE-PostgreSQL Specifications |
| Date: | 2009-08-01 01:09:13 |
| Message-ID: | 20090801010913.GX23840@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* KaiGai Kohei (kaigai(at)kaigai(dot)gr(dot)jp) wrote:
> As I noted in the reply to Stephen Frost, "what should be controled"
> (e.g, ALTER TABLE) and "how to check it" (e.g, ownership based control)
> are different things.
>
> If we go on the direction to restructure the current aclcheck mechanism
> and to integrate entry points of security features into a single file,
> I really really want an implementation independent layer which focuses
> on access controls.
I think that's what I'm advocating.. If, by that, you mean we should do
it in a separate file from aclchk.c, I'm not against that. It would
likely mean moving some things *from* aclchk.c into it, and then just
using aclchk.c for "helpers" to support the PG permissions. I'm not
sure which way would be "easier" to handle in terms of patch review,
etc..
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Kirkwood | 2009-08-01 01:14:16 | Re: Lock Wait Statistics (next commitfest) |
| Previous Message | Stephen Frost | 2009-08-01 01:04:12 | Re: SE-PostgreSQL Specifications |