Peter Eisentraut wrote:
> On Friday 12 December 2008 19:09:26 Alvaro Herrera wrote:
>> I don't understand -- why wouldn't we just have two columns, one for
>> plain row-level security and another for whatever security system the
>> platforms happens to offer? If we were to follow that route, we could
>> have row-level security first, extracting the feature from the current
>> patch; and the rest of PGACE could be a much smaller patch implementing
>> the rest of the stuff, with SELinux support for now with an eye to
>> implementing Solaris TX or whatever.
It seems to me most of people (including me) can agree on the "2 security
feature and 2 security system columns" approach.
Now, I started to work the implementation based on the way here:
It enables to support a plain row-level DAC and a selectable MAC.
So, it does not require more than two security system columns, in future also.
Please wait for a few days to see the revised version of patches.
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
In response to
pgsql-hackers by date
|Next:||From: Tom Lane||Date: 2008-12-15 01:02:29|
|Subject: Re: Bug in information_schema: FK constraint is defined as against referenced table only |
|Previous:||From: Tom Lane||Date: 2008-12-15 00:47:40|
|Subject: Re: So, why shouldn't SET CONSTRAINTS set a transaction snapshot? |