Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)
От | Simon Riggs |
---|---|
Тема | Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) |
Дата | |
Msg-id | 1228762852.20796.671.camel@hp_dx2400_1 обсуждение исходный текст |
Ответ на | Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) (KaiGai Kohei <kaigai@kaigai.gr.jp>) |
Ответы |
Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)
Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) |
Список | pgsql-hackers |
On Tue, 2008-12-09 at 03:33 +0900, KaiGai Kohei wrote: > Tom Lane wrote: > > KaiGai Kohei <kaigai@ak.jp.nec.com> writes: > >> Bruce Momjian wrote: > >>> I assume that could just be always enabled. > > > >> It is not "always" enabled. When we build it with SE-PostgreSQL feature, > >> rest of enhanced security features (includes the row-level ACL) are > >> disabled automatically, as we discussed before. > > > > It seems like a pretty awful idea to have enabling sepostgres take away > > a feature that exists in the default build. > > Why? > > The PGACE security framework allows one or no enhanced security > mechanism at most. It is quite natural that the default selection > is overrided when an alternative option is chosen explicitly. I'm finding these discussions very confusing to follow, sorry about that. We now have a parameter option that allows you to have row level security in non-mandatory mode, which is good. But in order to get that we need to build the server with a special configure option. My previous objective was to remove the need for a configure option, so we can enable row-level security in the default distribution of Postgres. Are we going to enable that option in all normal distros? If yes, why is it a configure option (at all)? -- Simon Riggs www.2ndQuadrant.comPostgreSQL Training, Services and Support
В списке pgsql-hackers по дате отправления: