From: | Greg Smith <greg(at)2ndQuadrant(dot)com> |
---|---|
To: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, "ktm(at)rice(dot)edu" <ktm(at)rice(dot)edu>, Alexander Korotkov <aekorotkov(at)gmail(dot)com>, Oleg Bartunov <obartunov(at)gmail(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [v9.4] row level security |
Date: | 2013-09-01 17:46:02 |
Message-ID: | 52237D5A.9050209@2ndQuadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 9/1/13 9:38 AM, Heikki Linnakangas wrote:
> To phrase it differently: We already have RLS. It's shipped as an
> extension called Veil. Now please explain what's wrong with that
> statement, if anything.
Veil was last updated for 9.1 to work against that version, so the first
thing is that it's two versions back from being current.
The main improvement for a few now core features, compared to their
external/extension predecessors, is that they go through a real review
process. I suspect a lot of the criticisms being lobbied against the
core RLS feature would also hit Veil if it were evaluated to the same
standard.
Regardless, I'm seeing a few review themes pop up from this thread:
-Comparison against the Veil feature set.
-Competitive review against industry expectations, AKA "checkbox"
compliance.
-Confirm feature set is useful to government security clearance
applications and multi-tenant applications. There's also a secured web
application use case that's popped up a few times too; KaiGai has used
secured Apache installs for example.
-Summary of known covert channels, with documentation coverage.
-Assess odds of this implementation's future issues turning into
security bugs. My personal hotspot here is that I'd like minimal code
exposure to people who don't use this feature at all. Are there parts
here that should be compile time enabled?
Of course those are all on top of the usual code quality review. Did I
miss any big themes on that list?
--
Greg Smith 2ndQuadrant US greg(at)2ndQuadrant(dot)com Baltimore, MD
PostgreSQL Training, Services, and 24x7 Support www.2ndQuadrant.com
From | Date | Subject | |
---|---|---|---|
Next Message | Josh Berkus | 2013-09-01 18:05:58 | Re: [v9.4] row level security |
Previous Message | Noah Misch | 2013-09-01 16:07:04 | Re: dynamic shared memory |