Postgres Pro
Downloads
Home   >   mailing lists

Thread: Where to hook my custom access control module?

Where to hook my custom access control module?

From
Karel Gardas
Date:
Hello,

first of all, I've tried to ask on pgsql-general mailing list as advised, 
but no answer.

I'd like to look at a possibility of integrating OpenPMF 
(http://www.openpmf.org) with the PostgreSQL. There is a possibility to 
have a "weak" integration by using a provided rule system and SQL, but 
this way we would lose central management functionality of OpenPMF, 
especially its policy violation notifications and we'll need to 
synchronize rules with policies from time to time. So now I think about 
how to directly integrate some kind of OpenPMF policy enforcement point 
into the PostgreSQL. For this I would need some access control hook inside 
PostgreSQL which would be called on every action and my PEP would get a 
chance to deny some access. Is there anything like that supported in the 
PostgreSQL?

Thanks!
Karel
--
Karel Gardas                  kgardas@objectsecurity.com
ObjectSecurity Ltd.           http://www.objectsecurity.com

Re: Where to hook my custom access control module?

From
"Andrew Dunstan"
Date:
Karel Gardas wrote:
>
> Hello,
>
> first of all, I've tried to ask on pgsql-general mailing list as advised,
> but no answer.
>
> I'd like to look at a possibility of integrating OpenPMF
> (http://www.openpmf.org) with the PostgreSQL. There is a possibility to
> have a "weak" integration by using a provided rule system and SQL, but
> this way we would lose central management functionality of OpenPMF,
> especially its policy violation notifications and we'll need to
> synchronize rules with policies from time to time. So now I think about
> how to directly integrate some kind of OpenPMF policy enforcement point
> into the PostgreSQL. For this I would need some access control hook inside
> PostgreSQL which would be called on every action and my PEP would get a
> chance to deny some access. Is there anything like that supported in the
> PostgreSQL?
>


Exactly what is "open" about this product other than the name? It looks
closed and proprietary to me.

cheers

andrew

Re: Where to hook my custom access control module?

From
Karel Gardas
Date:
On Wed, 9 May 2007, Andrew Dunstan wrote:

> Karel Gardas wrote:
>>

[...]

>> I'd like to look at a possibility of integrating OpenPMF
>> (http://www.openpmf.org) with the PostgreSQL.

[...]

> Exactly what is "open" about this product other than the name? It looks
> closed and proprietary to me.

It was free software (GPL) at the beginning, but we were not able to 
attract community around it, it seems it was put to public too early, so 
we decided to put it back to closed source and especially improve its 
platform support. Hence I'm asking here for any authorization hook inside 
PGSQL.

Thanks,
Karel
--
Karel Gardas                  kgardas@objectsecurity.com
ObjectSecurity Ltd.           http://www.objectsecurity.com