Re: [v9.4] row level security

On 30.08.2013 22:57, Josh Berkus wrote:
> Right now, the primary tool for doing row filtering for MTA is Veil,
> which has numerous and well-known limitations.  If RLS has fewer
> limitations, or is easier to deploy, maintain, and/or understand, then
> it's a valuable feature for that user base, even if it doesn't address
> the covert channels we've brought up at all.
>
> That is, if RLS is your*second*  level of defense, instead of your
> primary defense, covert channels are not a make-or-break issue. It just
> has to be better than what we had before.
>
> Note that I have NOT done an evaluation of Veil vs. RLS for MTA at this
> point.  I'm hoping someone else will ;-)

I'd also like to hear how Veil differs from RLS. From what I've 
understood this far, they are the same in terms of what you can and 
cannot do.

To phrase it differently: We already have RLS. It's shipped as an 
extension called Veil. Now please explain what's wrong with that 
statement, if anything.

- Heikki