Thread: Where to hook my custom access control module?
Hello, first of all, I've tried to ask on pgsql-general mailing list as advised, but no answer. I'd like to look at a possibility of integrating OpenPMF (http://www.openpmf.org) with the PostgreSQL. There is a possibility to have a "weak" integration by using a provided rule system and SQL, but this way we would lose central management functionality of OpenPMF, especially its policy violation notifications and we'll need to synchronize rules with policies from time to time. So now I think about how to directly integrate some kind of OpenPMF policy enforcement point into the PostgreSQL. For this I would need some access control hook inside PostgreSQL which would be called on every action and my PEP would get a chance to deny some access. Is there anything like that supported in the PostgreSQL? Thanks! Karel -- Karel Gardas kgardas@objectsecurity.com ObjectSecurity Ltd. http://www.objectsecurity.com
Karel Gardas wrote: > > Hello, > > first of all, I've tried to ask on pgsql-general mailing list as advised, > but no answer. > > I'd like to look at a possibility of integrating OpenPMF > (http://www.openpmf.org) with the PostgreSQL. There is a possibility to > have a "weak" integration by using a provided rule system and SQL, but > this way we would lose central management functionality of OpenPMF, > especially its policy violation notifications and we'll need to > synchronize rules with policies from time to time. So now I think about > how to directly integrate some kind of OpenPMF policy enforcement point > into the PostgreSQL. For this I would need some access control hook inside > PostgreSQL which would be called on every action and my PEP would get a > chance to deny some access. Is there anything like that supported in the > PostgreSQL? > Exactly what is "open" about this product other than the name? It looks closed and proprietary to me. cheers andrew
On Wed, 9 May 2007, Andrew Dunstan wrote: > Karel Gardas wrote: >> [...] >> I'd like to look at a possibility of integrating OpenPMF >> (http://www.openpmf.org) with the PostgreSQL. [...] > Exactly what is "open" about this product other than the name? It looks > closed and proprietary to me. It was free software (GPL) at the beginning, but we were not able to attract community around it, it seems it was put to public too early, so we decided to put it back to closed source and especially improve its platform support. Hence I'm asking here for any authorization hook inside PGSQL. Thanks, Karel -- Karel Gardas kgardas@objectsecurity.com ObjectSecurity Ltd. http://www.objectsecurity.com