Re: Updates of SE-PostgreSQL 8.4devel patches (r1324)
| От | KaiGai Kohei |
|---|---|
| Тема | Re: Updates of SE-PostgreSQL 8.4devel patches (r1324) |
| Дата | |
| Msg-id | 494B2E72.5050002@ak.jp.nec.com обсуждение исходный текст |
| Ответ на | Re: Updates of SE-PostgreSQL 8.4devel patches (r1324) (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: Updates of SE-PostgreSQL 8.4devel patches (r1324)
|
| Список | pgsql-hackers |
Tom Lane wrote: > KaiGai Kohei <kaigai@kaigai.gr.jp> writes: >> Bruce Momjian wrote: >>> 1034 and 25 are the oids for 'acllist' and 'text' and they are being >>> added to system tables. Are you saying system tables don't use >>> pg_security but other tables do? > >> It means users can refer the "security_acl" and "security_label", >> as if they have proper types. However, in actually, they are stroed >> as security identifiers. > >> When user refers "security_acl", the patched heap_getsysattr() invokes >> rowaclHeapGetSecurityAclSysattr() to translate the security identifier >> of Row-level ACLs into an array of ACLs. User will see the translated >> representation, as if there is a variable length array, not an oid. > > This seems like a pretty bad idea that will eventually bite you in an > uncomfortable place. Lying about what datatype a field is is just not > safe. Is it also correct for system attributes? I don't think the format on storage has to be same as user visible one, because it always fetched via heap_getsysattr(). In addition, all the route to import security attributes are hooked and translated it into oid correctly. What situation makes it unsafe? > It would probably be better to expose the actual security identifier > (as an OID or whatever it is) and provide simple translation > capabilities a la regclass and other OID-alias types. The regclass like approach will be fine, when we export security relatede attributes. However, how does it handle it when we give a new security context which is not on pg_security? The prior version of SE-PostgreSQL has a similar idea. It is a specific type to translate security context between text and oid. But, it was opposed at CommitFest:May because its input handler has to insert a new tuple when the given security context is not found on pg_security. It had a possibility that user declares a column as the type. It was unhapply, because input handler cannot discriminate whether the given input is toward the system column or user columns. So, I think the current approach is more preferable. Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@ak.jp.nec.com>
В списке pgsql-hackers по дате отправления: