| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
| Cc: | "KaiGai Kohei" <kaigai(at)kaigai(dot)gr(dot)jp>, "KaiGai Kohei" <kaigai(at)ak(dot)jp(dot)nec(dot)com>, "Heikki Linnakangas" <heikki(dot)linnakangas(at)enterprisedb(dot)com>, "Itagaki Takahiro" <itagaki(dot)takahiro(at)gmail(dot)com>, "Robert Haas" <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: leaky views, yet again |
| Date: | 2010-10-13 15:45:51 |
| Message-ID: | 27082.1286984751@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> writes:
> I had the pleasure of hearing Admiral Grace Hopper[1] speak at an
> ACM luncheon once. When she discussed security, she asserted that
> there was no such thing as security which could not be breached.
> The goal of security efforts should not be to make it perfect,
> because you can't; any time you convince yourself you have that you
> are simply fooling yourself and missing the vulnerabilities. In her
> view the goal was to make the costs of breaching security higher to
> the perpetrator than the benefits. Each obstacle in their way helps
> tip the scales in your favor.
That's all true, but you have to consider how much the obstacle actually
gets in their way versus how painful it is on your end to create and
maintain the obstacle. I don't think this proposed patch measures up
very well on either end of that tradeoff.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexander Korotkov | 2010-10-13 15:53:35 | Re: levenshtein_less_equal (was: multibyte charater set in levenshtein function) |
| Previous Message | Tom Lane | 2010-10-13 15:42:28 | Re: levenshtein_less_equal (was: multibyte charater set in levenshtein function) |