From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [RFC] Security label support |
Date: | 2010-05-27 19:39:41 |
Message-ID: | 6650.1274989181@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> We also add a dependency between the labeled object and the security
>> label itself. It also enables to clean up orphan labels automatically,
>> without any new invention.
> I agree that we need to address this. I am kind of curious how this is
> handled for comments? It appears to be, but I don't see an entry in
> pg_depend when a comment is added to an object, yet the entry in
> pg_description disappears when a table is dropped. <Shrug>
IIRC, dropping comments is hard-wired into the object drop mechanism ---
this seemed more efficient than having to add a pg_depend entry for each
one. You could argue that either way of course depending on how many
comments you expect there to be in the system.
I'm not real sure that you want a dependency for a security label anyway
--- wouldn't that mean each label could only be used for one object?
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2010-05-27 19:39:47 | Re: Idea for getting rid of VACUUM FREEZE on cold pages |
Previous Message | Peter Eisentraut | 2010-05-27 19:37:52 | Re: functional call named notation clashes with SQL feature |