Josh Berkus wrote:
> Joshua, Kohei-san,
>
> So, for 8.4: *if* we included in 8.4 a version of SEPostgres with all
> features *except* row-level security, would it still be useful to the
> SELinux community?
Yes, obviously.
I think the granularity of access controls is an aspect of security.
> I think we're just not going to work out the headache-inducing issues
> around row-level security in time for 8.4, and it seems to me that
> integrated system-level security labels at the table-and-column level
> are still very useful, even without row-level security.
For example, table-and-column level access control can provide such a
worth which enables to store customer's credit-card-number within
unaccessable column from all the web application (children of Apache)
but accessable from settlement system (child of crond).
It enables to prevent SQL injection to steal very sensitive info.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>