Skip site navigation (1) Skip section navigation (2)

Re: Updates of SE-PostgreSQL 8.4devel patches (r1668)

From: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Joshua Brindle <method(at)manicmethod(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches (r1668)
Date: 2009-03-04 20:28:02
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Ok, I've taken a quick look at this too. My first impression is that 
this is actually not a very big patch. Much much smaller than I was 
afraid of. It seems that dropping the row-level security and the other 
change you've already done have helped a great deal.

My first question is, why does the patch need the walker implementation 
to gather all the accessed tables and columns? Can't you hook into the 
usual pg_xxx_aclcheck() functions? In fact, Peter asked that same 
question here: (among 
other things). Many things have changed since, but I don't think that 
question has been adequately answered. Different handling of permissions 
on views was mentioned, but I think that could be handled with just a 
few extra checks in the rewriter or executor.

The hooks in simple_heap_insert also seem a bit weird. Perhaps an 
artifact of the row-level security stuff that's no longer there. ISTM 
that setting the defaults should be done in the same places where the 
defaults for acl columns are filled, e.g in ProcedureCreate.

PS. s/proselabal/proselabel

   Heikki Linnakangas

In response to


pgsql-hackers by date

Next:From: Dimitri FontaineDate: 2009-03-04 20:28:11
Subject: Re: Is there an official log reader for PostgreSQL?
Previous:From: André VolpatoDate: 2009-03-04 20:27:34
Subject: cbrt() broken in AIX

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group