On Wed, 2013-09-04 at 14:35 +0000, Robert Haas wrote:
>
> On Fri, Aug 30, 2013 at 3:43 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > I think it's entirely sensible to question whether we should reject (not
> > "hold up") RLS if it has major covert-channel problems.
>
> We've already had this argument before, about the security_barrier
[ . . . ]
Sorry for following up on this so late, I have just been trying to catch
up with the mailing lists.

I am the developer of Veil, which this thread mentioned a number of
times. I wanted to state/confirm a number of things:

Veil is not up to date wrt Postgres versions. I didn't release a new
version for 9.2, and when no-one complained I figured no-one other than
me was using it. I'll happily update it if anyone wants it.

Veil makes no attempt to avoid covert channels. It can't.

Veil is a low-level toolset designed for optimising queries about
privileges. It allows you to build RLS with reasonable performance, but
it is not in itself a solution for RLS.

I wish the Postgres RLS project well and look forward to its release in
Postgres 9.4.
__
Marc