Re: SE-PostgreSQL and row level security

From: Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Greg Stark <stark(at)enterprisedb(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Martijn van Oosterhout <kleptog(at)svana(dot)org>, bogdan(at)omnidatagrup(dot)ro, David Fetter <david(at)fetter(dot)org>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: SE-PostgreSQL and row level security
Date: 2009-02-16 17:37:16
Message-ID: 3073cc9b0902160937s4236df9ep6b855c9cd233e35b@mail.gmail.com
Lists: pgsql-hackers

On Mon, Feb 16, 2009 at 12:18 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> With reference to row-level security, most of the complaining about
> this feature has been along the lines of "I don't like the idea that
> rows get filtered from my result-set that I didn't ask to have
> filtered".

Yeah! Because they were filtered by powers above yours... ;)

I think row-level ACL is a good feature for those that *really* need
it; like every other solution, this is not for everyone and could and
will be misused sometimes... As long as the code maintains readability
and doesn't interfere with an installation that doesn't include
--enable-selinux, I'm in favor of including it...

> To me, the fact that you didn't have to ask seems like a
> huge convenience, and I can't imagine why you'd want it otherwise.
> Sure, the behavior needs to be documented, but that doesn't seem like
> a big deal.
>

Not only a convenience, it's a way to enforce policies that cannot be
circumvented easily from programming (if you have very secret info
that costs a lot, you can start being paranoid even about your own
development team ;)

--
Sincerely,
Jaime Casanova
PostgreSQL support and training
Systems consulting and development
Guayaquil - Ecuador
Cel. +59387171157
