Re: leaky views, yet again
| От | Robert Haas |
|---|---|
| Тема | Re: leaky views, yet again |
| Дата | |
| Msg-id | AANLkTi=RogOCjM5ARUVbUjun+o48CKd415FmCRx5ynq=@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: leaky views, yet again (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: leaky views, yet again
|
| Список | pgsql-hackers |
On Wed, Oct 13, 2010 at 11:45 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > "Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes: >> I had the pleasure of hearing Admiral Grace Hopper[1] speak at an >> ACM luncheon once. When she discussed security, she asserted that >> there was no such thing as security which could not be breached. >> The goal of security efforts should not be to make it perfect, >> because you can't; any time you convince yourself you have that you >> are simply fooling yourself and missing the vulnerabilities. In her >> view the goal was to make the costs of breaching security higher to >> the perpetrator than the benefits. Each obstacle in their way helps >> tip the scales in your favor. > > That's all true, but you have to consider how much the obstacle actually > gets in their way versus how painful it is on your end to create and > maintain the obstacle. I don't think this proposed patch measures up > very well on either end of that tradeoff. I think it would behoove us to try to separate concerns about this particular patch from concerns about the viability of the whole approach. Whether or not it's useful to do X is a different question than whether it can be done with few enough lines of code and/or whether this patch actually does it well. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: