From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Gregory Smith <gregsmithpgsql(at)gmail(dot)com>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Greg Stark <stark(at)mit(dot)edu>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, "ktm(at)rice(dot)edu" <ktm(at)rice(dot)edu>, Alexander Korotkov <aekorotkov(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, jeff(dot)mccormick(at)crunchydatasolutions(dot)com |
Subject: | Re: row security roadmap proposal |
Date: | 2013-12-17 18:27:31 |
Message-ID: | CA+U5nM+Pke1_700HpjfhCGg41P0CJOYWsYcyofNH5DFk=2MRmQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 17 December 2013 17:03, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Mon, Dec 16, 2013 at 3:12 PM, Gregory Smith <gregsmithpgsql(at)gmail(dot)com> wrote:
>> On 12/16/13 9:36 AM, Craig Ringer wrote:
>>>
>>> - Finish and commit updatable security barrier views. I've still got a
>>> lot of straightening out to do there.
>>
>> I don't follow why you've put this part first. It has a lot of new
>> development and the risks that go along with that, but the POC projects I've
>> been testing are more interested in the view side issues.
>
> I don't really see a way that any of this can work without that. To
> be clear, that work is required even just for read-side security.
Not sure I'd say required, but its certainly desirable to have
updateable security barrier views in themselves. And it comes across
to me as a cleaner and potentially more performant way of doing the
security checks for RLS. So I think its the right thing to do to wait
for this, even if we can't do that for 9.4
Realistically, we have a significant amount of work before we're ready
to pass a high security audit based around these features.
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2013-12-17 18:32:38 | Re: Extension Templates S03E11 |
Previous Message | Simon Riggs | 2013-12-17 18:21:06 | Re: row security roadmap proposal |