Re: function body actors (was: [PERFORM] viewing source code) - Mailing list pgsql-hackers

From Tom Lane
Subject Re: function body actors (was: [PERFORM] viewing source code)
Date
Msg-id 6533.1198255663@sss.pgh.pa.us
Whole thread Raw
In response to Re: function body actors (was: [PERFORM] viewing source code)  (Andrew Sullivan <ajs@crankycanuck.ca>)
List pgsql-hackers
Andrew Sullivan <ajs@crankycanuck.ca> writes:
> On Fri, Dec 21, 2007 at 12:09:28AM -0500, Merlin Moncure wrote:
>> Maybe a key management solution isn't required.

> I like this idea much better, because the same basic mechanism can be used
> for more than one thing, and it doesn't build in a system that is
> fundamentally weak.  Of course, you _can_ build a weak system this way, but
> there's an important difference between building a fundamentally weak system
> and making weak systems possible.

I find myself unconvinced by this argument.  The main problem is: how
do we know that it's possible to build a strong system atop this
mechanism?  Just leaving it to non-security-savvy users seems to me
to be a great way to guarantee a lot of weak systems in the field.
ISTM our minimum responsibility would be to design and document how
to build a strong protection system using the feature ... and at that
point why not build it in?

I've certainly got no objection to making a mechanism that can be used
for more than one purpose; but not offering a complete security solution
is abdicating our responsibility.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Andrew Sullivan
Date:
Subject: Re: function body actors (was: [PERFORM] viewing source code)
Next
From: Andrew Sullivan
Date:
Subject: Re: function body actors (was: [PERFORM] viewing source code)