Re: row security roadmap proposal

From: Gregory Smith <gregsmithpgsql(at)gmail(dot)com>
To: Craig Ringer <craig(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Simon Riggs <simon(at)2ndquadrant(dot)com>, Greg Stark <stark(at)mit(dot)edu>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, "ktm(at)rice(dot)edu" <ktm(at)rice(dot)edu>, Alexander Korotkov <aekorotkov(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, jeff(dot)mccormick(at)crunchydatasolutions(dot)com
Subject: Re: row security roadmap proposal
Date: 2013-12-20 02:18:10
Message-ID: 52B3A8E2.1080105@gmail.com
Lists: pgsql-hackers

On 12/18/13 10:21 PM, Craig Ringer wrote:
> In the end, sometimes I guess there's no replacement for "WHERE
> call_some_procedure()"

That's where I keep ending up at. The next round of examples I'm
reviewing this week plug pl/pgsql code into that model. And the one
after that actually references locally cached data that starts stored in
LDAP on another machine altogether. That one I haven't even asked for
permission to share with the community because of my long-standing LDAP
allergy, but the whole thing plugs into the already submitted patch just
fine. (Shrug)

I started calling all of the things that generate data for RLS to filter
on "label providers". You've been using SELinux as an example future
label provider. Things like this LDAP-originated bit are another
provider. Making the database itself a richer label provider one day is
an interesting usability improvement to map out. But on the
proof-of-concept things I've been getting passed I haven't seen an
example where I'd use that yet anyway. The real-world label providers are too
complicated.
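
The "WHERE call_some_procedure()" model with a label provider backed by locally cached LDAP data, as an added example that is not from this message or from the submitted patch. It assumes the CREATE POLICY syntax of later PostgreSQL releases (9.5 and up) and objects in the public schema; every table, function and policy name is hypothetical.

```sql
-- Constructed schema: every name below is hypothetical.
CREATE TABLE ldap_group_cache (          -- refreshed from LDAP by an external job
    username   text        NOT NULL,
    group_name text        NOT NULL,
    refreshed  timestamptz NOT NULL DEFAULT now(),
    PRIMARY KEY (username, group_name)
);
REVOKE ALL ON ldap_group_cache FROM PUBLIC;

CREATE TABLE documents (
    id    serial PRIMARY KEY,
    label text NOT NULL,                 -- group a reader must hold
    body  text
);

-- Constructed sample rows, loaded before the policy is switched on.
INSERT INTO ldap_group_cache (username, group_name) VALUES ('alice', 'finance');
INSERT INTO documents (label, body) VALUES ('finance', 'Q4 forecast'),
                                           ('hr',      'salary bands');

-- Label provider: the groups cached for the connected user.
-- SECURITY DEFINER lets it read the cache that callers cannot; inside it
-- current_user is the definer, so session_user identifies the caller.
-- Entries older than 15 minutes are ignored, so a stale cache fails closed.
CREATE FUNCTION current_labels() RETURNS text[]
LANGUAGE plpgsql STABLE SECURITY DEFINER
SET search_path = public, pg_temp
AS $$
BEGIN
    RETURN ARRAY(
        SELECT group_name
          FROM ldap_group_cache
         WHERE username = session_user
           AND refreshed > now() - interval '15 minutes');
END;
$$;

-- The policy is the "WHERE call_some_procedure()" filter, applied to every query.
-- FORCE makes it apply to the table owner too; superusers and BYPASSRLS
-- roles still bypass it.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;
CREATE POLICY documents_by_label ON documents
    USING (label = ANY (current_labels()));
```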
