Simon Riggs <simon@2ndQuadrant.com> writes:
> On Mon, 2009-01-26 at 22:55 -0500, Tom Lane wrote:
>> Silently filtering out rows according to an arbitrary security policy
>> can break a bunch of fundamental SQL semantics, the most obvious being
>> foreign key constraints
> That was exactly my reaction when I read the way it worked and I was
> ready to reject the patch as a result. Bruce and KaiGai provided
> documents that discuss the problem and it's a clearly a known issue in
> the security community. Specifically, it hasn't prevented Oracle from
> gaining security Certification and it shouldn't prevent us either. In
> the end it's the certification that matters here, rather than a general
> review of what database security is, or could be.
Yeah, people like certification, but they also like products that work.
Did you stop reading before getting to my non-security-based complaints?
regards, tom lane