Re: leaky views, yet again

On Wed, Oct 13, 2010 at 11:45 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> writes:
>> I had the pleasure of hearing Admiral Grace Hopper[1] speak at an
>> ACM luncheon once.  When she discussed security, she asserted that
>> there was no such thing as security which could not be breached.
>> The goal of security efforts should not be to make it perfect,
>> because you can't; any time you convince yourself you have that you
>> are simply fooling yourself and missing the vulnerabilities.  In her
>> view the goal was to make the costs of breaching security higher to
>> the perpetrator than the benefits.  Each obstacle in their way helps
>> tip the scales in your favor.
>
> That's all true, but you have to consider how much the obstacle actually
> gets in their way versus how painful it is on your end to create and
> maintain the obstacle.  I don't think this proposed patch measures up
> very well on either end of that tradeoff.

I think it would behoove us to try to separate concerns about this
particular patch from concerns about the viability of the whole
approach. Whether or not it's useful to do X is a different question
than whether it can be done with few enough lines of code and/or
whether this patch actually does it well.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company