| From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org, Greg Williamson <gwilliamson39(at)yahoo(dot)com>, Sam Mason <sam(at)samason(dot)me(dot)uk>, Joshua Brindle <method(at)manicmethod(dot)com> |
| Subject: | Re: SE-PostgreSQL Specifications |
| Date: | 2009-08-01 00:31:23 |
| Message-ID: | 4A738CDB.8090901@kaigai.gr.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas wrote:
> FWIW, pretty much +1 from me on everything in here; I think this is
> definitely going in the right direction. It's not the size of the
> patches that matter; it's the complexity and difficulty of verifying
> that they don't break anything. And it's not cumulative: three easy
> patches are better than one hard one, as long as they're really
> self-contained.
>
> The idea of restructuring the aclcheck mechanism to support sepgsql
> is, IMO, brilliant.
As I noted in the reply to Stephen Frost, "what should be controled"
(e.g, ALTER TABLE) and "how to check it" (e.g, ownership based control)
are different things.
If we go on the direction to restructure the current aclcheck mechanism
and to integrate entry points of security features into a single file,
I really really want an implementation independent layer which focuses
on access controls.
Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2009-08-01 01:04:12 | Re: SE-PostgreSQL Specifications |
| Previous Message | KaiGai Kohei | 2009-08-01 00:22:33 | Re: SE-PostgreSQL Specifications |