Re: [PATCH] Largeobject access controls - Mailing list pgsql-hackers
| From | Jaime Casanova |
|---|---|
| Subject | Re: [PATCH] Largeobject access controls |
| Date | |
| Msg-id | 3073cc9b0909221029o31e8db54h5fb532760ea2eecb@mail.gmail.com Whole thread Raw |
| In response to | Re: [PATCH] Largeobject access controls (KaiGai Kohei <kaigai@kaigai.gr.jp>) |
| Responses |
Re: [PATCH] Largeobject access controls
Re: [PATCH] Largeobject access controls |
| List | pgsql-hackers |
On Tue, Sep 22, 2009 at 7:23 AM, KaiGai Kohei <kaigai@kaigai.gr.jp> wrote: > >> another one, is it possible for us to have a CREATE LARGE OBJECT >> statement? >> the reason for this is: >> 1) it is a little ugly to use the OID in ALTER/GRANT/REVOKE >> statements, in a create statement we can assign a name to the LO >> 2) it could be more consistent with other ALTER/GRANT/REVOKE that acts >> over objects created with CREATE while large objects are created via >> lo_import() which makes obvious that are just records in meta-data >> table (hope this is understandable) > > It is not difficult to implement the named-largeobejct. > > However, the matter is whether it is really wanted feature to decorate > a largeobject, or not. yeah! i don't think this will be implemented soon nor that you had to do it... just want to mention it for later discussion because it seems like natural evolution of the feature > >>> It adds a new guc variable to turn on/off compatible behavior in >>> largeobejct access controls. >>> >>> largeobject_compat_dac = [on | off] (default: off) >>> >>> If the variable is turned on, all the new access control features >>> on largeobjects are bypassed, as if v8.4.x or prior did. >> >> the GUC works as intended >> but i don't like the name, it is not very meaningful for those of us >> that doesn't know what DAC or MAC are... > > Do you think the "largeobject_compat_acl" is a meaningful name, instead? > maybe something like "largeobject_security_controls"? >> another point, you really have to put the GUC in the postgresql.conf >> file if you hope people know about it ;) >> it is not documented either > > I'll add a description about the GUC at the document. > Is it also necessary to add postgresql.conf.sample?? > i think so, it's a compatibility issue so it must be easily findable (don't know if that word actually exists, though :) >> About the code... >> - I don't like the name pg_largeobject_meta why not pg_largeobject_acl >> (put here any other name you like)? or there was a reason for that >> choose? > > My preference is a pair of pg_largeobject and pg_largeobject_data (which > has an identical structure to the current pg_largeobject). > > However, it seems to me the pg_largeobject_acl is an incorrect name, > because it also contains the owner identifier which is a part of metadata, > but not an acl. > have anyone better ideas about the name? if not, then go with pg_largeobject_meta -- Atentamente, Jaime Casanova Soporte y capacitación de PostgreSQL Asesoría y desarrollo de sistemas Guayaquil - Ecuador Cel. +59387171157
pgsql-hackers by date: