Home > mailing lists

Re: [RFC] PostgreSQL Access Control Extension (PGACE) - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [RFC] PostgreSQL Access Control Extension (PGACE)
Date	April 18, 2007 18:54:05
Msg-id	7855.1176922403@sss.pgh.pa.us Whole thread Raw
In response to	Re: [RFC] PostgreSQL Access Control Extension (PGACE) (KaiGai Kohei <kaigai@kaigai.gr.jp>)
Responses	Re: [RFC] PostgreSQL Access Control Extension (PGACE)
List	pgsql-hackers

Tree view

KaiGai Kohei <kaigai@kaigai.gr.jp> writes:
>>> There are also
>>> some interesting questions about SQL spec compliance and whether a
>>> database that silently hides some rows from you will give semantically
>>> consistent results.
>> 
>> Yeah -- that's a potentially serious issue; KaiGai, have you looked into 
>> it?

> Yes, I consider the policy to filter any violated tuple looks consistently.
> The policy enforces any tuple has to be filtered before using them, and
> it helps that computational processes don't get any effect from them.

> But proving innocence is generally hard task.
> At first, I want to know what points are you worried about the most.

Unique constraints and foreign-key constraints seem the most pressing
problems.  What will you do to avoid having different viewers have
different opinions about whether a constraint is violated?
        regards, tom lane

pgsql-hackers by date:

From: KaiGai Kohei
Date: 18 April 2007, 18:44:28
Subject: Re: [RFC] PostgreSQL Access Control Extension (PGACE)

From: Aidan Van Dyk
Date: 18 April 2007, 19:00:03
Subject: Re: Hacking on PostgreSQL via GIT

Re: [RFC] PostgreSQL Access Control Extension (PGACE) - Mailing list pgsql-hackers

Previous

Next