Re: security label support, part.2 - Mailing list pgsql-hackers

From Robert Haas
Subject Re: security label support, part.2
Date
Msg-id AANLkTikUR_TcxDguiDeocD7LsO1eQ3OxbgzmHy1CmUAR@mail.gmail.com
Whole thread Raw
In response to Re: security label support, part.2  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
On Fri, Jul 23, 2010 at 8:32 AM, Stephen Frost <sfrost@snowman.net> wrote:
> * Robert Haas (robertmhaas@gmail.com) wrote:
>> I don't understand why we wouldn't be able to support multiple
>> providers for row-level security.  Why do you think that's a problem?
>
> My guess would be that he's concerned about only having space in the
> tuple header for 1 label.  I see two answers- only allow 1 provider for
> a given relation (doesn't strike me as a horrible limitation), or handle
> labels as extra columns where you could have more than one.

I think we've been pretty clear in previous discussions that any
row-level security implementation should be a general one, and
SE-Linux or whatever can integrate with that to do what it needs to
do.  So I'm pretty sure we'll be using regular columns rather than
cramming anything into the tuple header.  There are pretty substantial
performance benefits to such an implementation, as well.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company


pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: security label support, part.2
Next
From: KaiGai Kohei
Date:
Subject: Re: security label support, part.2