On 10 October 2014 12:01, Heikki Linnakangas <hlinnakangas@vmware.com> wrote:
> Really, I don't see how this can possible be made to work. You can't allow
> ad hoc processing of data, and still avoid revealing it to the user.
Anyone with unmonitored access and sufficient time can break through security.
I think that is true of any kind of security, and so it is true here also.
Auditing and controls are required also, that's why I suggested those
first. This proposal was looking beyond that to what we might need
next.
-- Simon Riggs http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services