Re: Adding support for SE-Linux security

From Stephen Frost
Subject Re: Adding support for SE-Linux security
Msg-id 20091211152452.GS17756@tamriel.snowman.net
In reply to Re: Adding support for SE-Linux security  (Magnus Hagander <magnus@hagander.net>)
List pgsql-hackers

Magnus,

* Magnus Hagander (magnus@hagander.net) wrote:
> On Fri, Dec 11, 2009 at 05:45, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > It's been perfectly clear since day one, and was reiterated as recently
> > as today
> > http://archives.postgresql.org/message-id/4B21757E.7090806@2ndquadrant.com
> > that what the security community wants is row-level security.  The
>
> If that is true, then shouldn't we have an implementation of row level
> security *first*, and then an implementation of selinux hooks that
> work with this row level security feature? Rather than first doing
> selinux hooks, then row level security, which will likely need new
> and/or changed hooks...

The proposal we're currently grappling with is to pull all the various
checks which are sprinkled through our code into a single area.
Clearly, if that work is done before we implement row-level security,
then the patch for row-level security will just add its checks in the
security/ area and it'd be then easily picked up by SELinux, etc.

> I'm not convinced that row level security is actually that necessary
> (though it's a nice feature, with or without selinux), but if it is,
> it seems we are approaching the problem from the wrong direction.

It has to be implemented independent of the security/SELinux/etc changes
in any case, based on what was said previously.  So I don't
particularly understand why it matters a great deal which one happens
first.  They're independently useful features, though both are not
nearly as good on their own as when they are combined.  Sorry, I just
don't see this as a "cart-before-the-horse" case.
Thanks,
    Stephen
