Re: Adding support for SE-Linux security
От | Josh Berkus |
---|---|
Тема | Re: Adding support for SE-Linux security |
Дата | |
Msg-id | 4B16B7BA.3000408@agliodbs.com обсуждение исходный текст |
Ответ на | Adding support for SE-Linux security (Bruce Momjian <bruce@momjian.us>) |
Ответы |
Re: Adding support for SE-Linux security
Re: Adding support for SE-Linux security |
Список | pgsql-hackers |
Bruce, > If we decide not to support SE-Linux, it is unlikely we will be adding > support for any other external security systems because SE-Linux has the > widest adoption. > > I think the big question is whether we are ready to extend Postgres to > support additional security infrastructures. PostgreSQL is the most security-conscious of the OSS databases, and is widely used by certain groups (security software, military, credit card processing) precisely because of this reputation. These folks, while unlikely to speak up on -hackers, are interested in new/further security features; when I was at the Pentagon 2 years ago several people there from HS were quite interested in SE-Postgres specifically. Further, I've been mentioning SE-Postgres in my "DB security talk" for the last 18 months and I *always* get a question about it. So while there might not be vocal proponents for innovative/hard-core security frameworks on this list currently, I think it will gain us some new users. Maybe more than we expect. When GIS was introduced to this list ten years ago it was criticized as a marginal feature and huge and intrusive. But today it's probably 40% of our user base, and growing far more rapidly than anything else with Postgres. Maybe SE will be more like Rules than like GIS in the long run, but there's no way for us to know that today. --Josh Berkus
В списке pgsql-hackers по дате отправления: