From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Gregory Stark <stark(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Joshua Brindle <method(at)manicmethod(dot)com>, Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Bernd Helmle <mailings(at)oopsware(dot)de>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: 8.4 release planning |
Date: | 2009-01-28 01:32:13 |
Message-ID: | 497FB59D.4050304@ak.jp.nec.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Here is morning now, so I started to follow the discussion now...
Stephen Frost wrote:
> * Gregory Stark (stark(at)enterprisedb(dot)com) wrote:
>> It does seem weird to simply omit records rather than throw an error and
>> require the user to use a where clause, even if it's something like WHERE
>> pg_accessible(tab).
It was an implementation of very earlier version of SE-PostgreSQL.
(Maybe, its revision number was still less than 500.)
It rewrites WHERE clause of given queries, but Tom suggested such
a query rewrite easily makes a bug and hard to maintain in the
future, so I removed the code and put a hook in ExecScan(), which
featch a tuple from relation and checks condition.
(I think it was a good suggestion. It also enables to reduce the
scale of SE-PostgreSQL patches.)
Indeed, it requires additional checks and disables a few kind of
optimization, when these enhanced-security features are activated.
However, I made clear some times that we assume security focused
users don't give their first priority on performance.
I can understand performance is a significant factor for database
management system, so the default of these features are *disabled*
unless user explicitly activate them.
> It is weird from an SQL perspective, I agree with you there. On the
> other hand, it's what the security community is looking for, and is
> what's implemented by other databases (Oracle, SQL Server...) that
> do row-level security and security labels. Requiring a where clause
> or you throw an error would certainly make porting applications that
> depend on that mechanism somewhat difficult, and doesn't really seem
> like it'd gain you all that much...
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Treat | 2009-01-28 01:41:45 | Re: 8.4 release planning |
Previous Message | Robert Treat | 2009-01-28 01:24:41 | Re: 8.4 release planning |