| From: | Greg Stark <gsstark(at)mit(dot)edu> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, robertmhaas(at)gmail(dot)com, pgsql-hackers(at)postgresql(dot)org, kaigai(at)kaigai(dot)gr(dot)jp |
| Subject: | Re: Reworks for Access Control facilities (r2363) |
| Date: | 2009-10-16 16:45:54 |
| Message-ID: | 407d949e0910160945x6bb99198xb3c23b9554669361@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
2009/10/16 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
> . In addition, I already tried to put SE-PG hooks
> within pg_xxx_aclchecks() in this CF, but it was failed due to the
> differences in the security models.
I thought the last discussion ended with a pretty strong conclusion
that we didn't want differences in the security models.
The first step is to add hooks which don't change the security model
at all, just allow people to control the existing checks from their SE
configuration. Only as a second step we would look into making
incremental changes to the postgres security model to add support for
privileges SE users might expect to find, eventually possibly
including per-row permissions.
--
greg
| From | Date | Subject | |
|---|---|---|---|
| Next Message | decibel | 2009-10-16 17:04:28 | Re: contrib/plantuner - enable PostgreSQL planner hints |
| Previous Message | Mark Mielke | 2009-10-16 16:40:09 | Re: Rejecting weak passwords |