Skip site navigation (1) Skip section navigation (2)

Re: SE-PostgreSQL Specifications

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org, Greg Williamson <gwilliamson39(at)yahoo(dot)com>, Sam Mason <sam(at)samason(dot)me(dot)uk>, Joshua Brindle <method(at)manicmethod(dot)com>
Subject: Re: SE-PostgreSQL Specifications
Date: 2009-08-01 00:31:23
Message-ID: 4A738CDB.8090901@kaigai.gr.jp (view raw or flat)
Thread:
Lists: pgsql-hackers
Robert Haas wrote:
> FWIW, pretty much +1 from me on everything in here; I think this is
> definitely going in the right direction.  It's not the size of the
> patches that matter; it's the complexity and difficulty of verifying
> that they don't break anything.  And it's not cumulative: three easy
> patches are better than one hard one, as long as they're really
> self-contained.
> 
> The idea of restructuring the aclcheck mechanism to support sepgsql
> is, IMO, brilliant.

As I noted in the reply to Stephen Frost, "what should be controled"
(e.g, ALTER TABLE) and "how to check it" (e.g, ownership based control)
are different things.

If we go on the direction to restructure the current aclcheck mechanism
and to integrate entry points of security features into a single file,
I really really want an implementation independent layer which focuses
on access controls.

Thanks,
-- 
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>

In response to

Responses

pgsql-hackers by date

Next:From: Stephen FrostDate: 2009-08-01 01:04:12
Subject: Re: SE-PostgreSQL Specifications
Previous:From: KaiGai KoheiDate: 2009-08-01 00:22:33
Subject: Re: SE-PostgreSQL Specifications

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group