Re: [COMMITTERS] pgsql: Add a hook in ExecCheckRTPerms().
От | Simon Riggs |
---|---|
Тема | Re: [COMMITTERS] pgsql: Add a hook in ExecCheckRTPerms(). |
Дата | |
Msg-id | 1278695272.29736.700.camel@ebony обсуждение исходный текст |
Ответ на | Re: [COMMITTERS] pgsql: Add a hook in ExecCheckRTPerms(). (Robert Haas <robertmhaas@gmail.com>) |
Ответы |
Re: [COMMITTERS] pgsql: Add a hook in ExecCheckRTPerms().
|
Список | pgsql-hackers |
On Fri, 2010-07-09 at 11:07 -0400, Robert Haas wrote: > On Fri, Jul 9, 2010 at 10:51 AM, Simon Riggs <simon@2ndquadrant.com> > wrote: > > The loadable module doesn't "gain control" here it simplify kicks-in > > after, and in addition to, normal checking. That just means you have > the > > option of failing for additional reasons. > > True. We could change it so that the normal checking is bypassed if > the hook is installed, and leave it up to the hook whether to call the > standard checks as well, but I don't think there's much of a use case > for that. With respect, there doesn't seem to be much use case anyway. I'm sorry to be expressing that opinion now; been away for a while. I am somewhat amazed that Tom isn't dancing on your head for proposing it though. > > We're not passing in any form of context other than the rangetable > so > > what additional reasons could there be? This is of no use to > anything > > that uses object labelling. We're not even at the part of the > executor > > where we would be able to identify objects yet, so I can't see what > > value this brings. Though I am certainly in favour in general terms > of > > simple changes to enhance security configuration features. > > Well, KaiGai Kohei already posted a proof-of-concept patch showing how > this could be used by a simple SE-PostgreSQL implementation. Since we > don't have a security labelling facility yet, he used the comment on > the relation to store the security label (there are other ways it > could be done too, of course). What's the difference between that and a GRANT command? GRANT is designed to allow privileges to be defined at table level. I don't see how a plugin whose only API input is a rangetable and which executes before any tuples have been touched can possibly add value here. KaiGai's had an uphill task here and I don't wish to be part of slowing him down. I'm not seeing how this moves label security forwards in any measurable way. Tom's test of a useful plugin has been one where a useful contrib module gets added at the same time. I don't think a useful plugin has been demonstrated or produced, as yet. -- Simon Riggs www.2ndQuadrant.comPostgreSQL Development, 24x7 Support, Training and Services
В списке pgsql-hackers по дате отправления: