Re: Updates of SE-PostgreSQL 8.4devel patches (r1197)

From Simon Riggs
Subject Re: Updates of SE-PostgreSQL 8.4devel patches (r1197)
Msg-id 1226500926.27904.354.camel@ebony.2ndQuadrant
In response to Re: Updates of SE-PostgreSQL 8.4devel patches (r1197)  (Bruce Momjian <bruce@momjian.us>)
Responses Re: Updates of SE-PostgreSQL 8.4devel patches (r1197)  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
List pgsql-hackers
On Fri, 2008-11-07 at 16:52 -0500, Bruce Momjian wrote:

> Simon, would you read the chapter on "covert channels"?  You might
> understand it better than I do and it might give you some ideas:
> 
>        http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.33.5950

OK, read that now.

Looks to me the covert channel debate will remain open whichever we do.

I agree with you that careful design avoids the problem, for the most
part. Even without that, it appears we have enough to achieve
certification.

The only remaining problem for me now is the size of the security
context column added to each row. I can accept a fixed length 4 byte
value, but anything longer just seems that it will render this unusable.
Normal apps should be able to benefit from row level security, as well
as high-security apps. The additional row overhead is enough to prevent
that, as well as put off many very large high security apps - which is
catastrophic because many of them are very large these days.

-- 
 Simon Riggs           www.2ndQuadrant.com
 PostgreSQL Training, Services and Support


