Re: [RFC] Security label support

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [RFC] Security label support
Date: 2010-05-27 19:39:41
Message-ID: 6650.1274989181@sss.pgh.pa.us
Lists: pgsql-hackers

Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> We also add a dependency between the labeled object and the security
>> label itself. It also enables to clean up orphan labels automatically,
>> without any new invention.

> I agree that we need to address this. I am kind of curious how this is
> handled for comments? It appears to be, but I don't see an entry in
> pg_depend when a comment is added to an object, yet the entry in
> pg_description disappears when a table is dropped. <Shrug>

IIRC, dropping comments is hard-wired into the object drop mechanism ---
this seemed more efficient than having to add a pg_depend entry for each
one. You could argue that either way of course depending on how many
comments you expect there to be in the system.

I'm not real sure that you want a dependency for a security label anyway
--- wouldn't that mean each label could only be used for one object?

regards, tom lane
