| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Craig Ringer <craig(at)2ndquadrant(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Row-security writer-side checks proposal |
| Date: | 2013-11-05 16:24:32 |
| Message-ID: | CA+TgmoaRC5C6JDPHRiprk5R9-+2RnMggGa5RjmpO30JCDJxJww@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Nov 5, 2013 at 9:01 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> Now maybe that's fine. But given that, I think it's pretty important
>> that we get the syntax right. Because if you're adding a feature
>> primarily to add a more convenient syntax, then the syntax had better
>> actually be convenient.
>
> I agree that we want to get the syntax correct, but also very clear as
> it's security related and we don't want anyone surprised by what happens
> when they use it. The idea, as has been discussed in the past, is to
> then allow tying RLS in with SELinux and provide MAC.
No argument. I think "convenient" and "unsurprising" are closely-aligned goals.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oskari Saarenmaa | 2013-11-05 16:29:06 | [PATCH] configure: allow adding a custom string to PG_VERSION |
| Previous Message | Andrew Dunstan | 2013-11-05 15:59:54 | Re: [PATCH] configure: add git describe output to PG_VERSION when building a git tree |