| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org, simon(at)2ndQuadrant(dot)com |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1324) |
| Date: | 2008-12-19 01:19:37 |
| Message-ID: | 28076.1229649577@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> writes:
> Bruce Momjian wrote:
>> 1034 and 25 are the oids for 'acllist' and 'text' and they are being
>> added to system tables. Are you saying system tables don't use
>> pg_security but other tables do?
> It means users can refer the "security_acl" and "security_label",
> as if they have proper types. However, in actually, they are stroed
> as security identifiers.
> When user refers "security_acl", the patched heap_getsysattr() invokes
> rowaclHeapGetSecurityAclSysattr() to translate the security identifier
> of Row-level ACLs into an array of ACLs. User will see the translated
> representation, as if there is a variable length array, not an oid.
This seems like a pretty bad idea that will eventually bite you in an
uncomfortable place. Lying about what datatype a field is is just not
safe.
It would probably be better to expose the actual security identifier
(as an OID or whatever it is) and provide simple translation
capabilities a la regclass and other OID-alias types.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2008-12-19 01:56:13 | Re: stat() vs cygwin |
| Previous Message | Fujii Masao | 2008-12-19 00:43:11 | Re: Sync Rep: First Thoughts on Code |