Re: [v9.4] row level security

From: Marc Munro <marc(at)bloodnok(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, KoheiKaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, "ktm(at)rice(dot)edu" <ktm(at)rice(dot)edu>, Alexander Korotkov <aekorotkov(at)gmail(dot)com>, Oleg Bartunov <obartunov(at)gmail(dot)com>, GregSmith <greg(at)2ndquadrant(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [v9.4] row level security
Date: 2013-10-10 18:56:49
Message-ID: 1381431409.15121.58.camel@bloodnok.com
Lists: pgsql-hackers

On Wed, 2013-09-04 at 14:35 +0000, Robert Haas wrote:
>
> On Fri, Aug 30, 2013 at 3:43 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > I think it's entirely sensible to question whether we should reject
> > (not "hold up") RLS if it has major covert-channel problems.
>
> We've already had this argument before, about the security_barrier
[ . . . ]

Sorry for following up on this so late, I have just been trying to catch
up with the mailing lists.

I am the developer of Veil, which this thread mentioned a number of
times. I wanted to state/confirm a number of things:

Veil is not up to date wrt Postgres versions. I didn't release a new
version for 9.2, and when no-one complained I figured no-one other than
me was using it. I'll happily update it if anyone wants it.

Veil makes no attempt to avoid covert channels. It can't.

Veil is a low-level toolset designed for optimising queries about
privileges. It allows you to build RLS with reasonable performance, but
it is not in itself a solution for RLS.

I wish the Postgres RLS project well and look forward to its release in
Postgres 9.4.

__
Marc
