Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)
| От | KaiGai Kohei |
|---|---|
| Тема | Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep) |
| Дата | |
| Msg-id | 48D4BD4D.6060305@kaigai.gr.jp обсуждение исходный текст |
| Ответ на | Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep) (KaiGai Kohei <kaigai@ak.jp.nec.com>) |
| Ответы |
Re: Proposal of SE-PostgreSQL patches (for
CommitFest:Sep)
|
| Список | pgsql-hackers |
> [1] Make a consensus that different security mechanisms have differences > in its decision making, its gulanuality and its scope > > I think it is the most straightforward answer. > As operating system doing, DAC and MAC based access controls should be > independently applied on accesses from users, and this model is widely > accepted. > These facilities can also have different results, gulanualities and scopes. > > > [2] Make a new implementation of OS-independent fine grained access control > > If it is really really necessary, I may try to implement a new separated > fine-grained access control mechanism due to the CommitFest:Nov. > However, we don't have enough days to develop one more new feature from > the scratch by the deadline. I reconsidered the above two options have no differences fundamentally. In other word, making a new enhanced security implementation based on requirements also means making a consensus various security mechanism can have its individual rules including guranuality of access controls. So, I'll decide to try to implement "fine-grained-only" security mechanism also, because someone have such a requirememt. However, its schedule is extremely severe, if is has to be submitted due to the deadline of CommitFest:Nov. It is my hope to concentrate development of SE-PostgreSQL in v8.4 development cycle, and I think the above "fine-grained-only" one should be pushed to v8.5 cycle. Thanks, -- KaiGai Kohei <kaigai@kaigai.gr.jp>
В списке pgsql-hackers по дате отправления: