Home > mailing lists

Re: Row-security writer-side checks proposal - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Row-security writer-side checks proposal
Date	November 5, 2013 19:24:41
Msg-id	CA+TgmoaRC5C6JDPHRiprk5R9-+2RnMggGa5RjmpO30JCDJxJww@mail.gmail.com Whole thread Raw
In response to	Re: Row-security writer-side checks proposal (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

On Tue, Nov 5, 2013 at 9:01 AM, Stephen Frost <sfrost@snowman.net> wrote:
> * Robert Haas (robertmhaas@gmail.com) wrote:
>> Now maybe that's fine.  But given that, I think it's pretty important
>> that we get the syntax right.  Because if you're adding a feature
>> primarily to add a more convenient syntax, then the syntax had better
>> actually be convenient.
>
> I agree that we want to get the syntax correct, but also very clear as
> it's security related and we don't want anyone surprised by what happens
> when they use it.  The idea, as has been discussed in the past, is to
> then allow tying RLS in with SELinux and provide MAC.

No argument.  I think "convenient" and "unsurprising" are closely-aligned goals.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Andrew Dunstan
Date: 05 November 2013, 19:00:02
Subject: Re: [PATCH] configure: add git describe output to PG_VERSION when building a git tree

From: Oskari Saarenmaa
Date: 05 November 2013, 19:29:16
Subject: [PATCH] configure: allow adding a custom string to PG_VERSION

Re: Row-security writer-side checks proposal - Mailing list pgsql-hackers

Previous

Next