Re: SE-PostgreSQL and row level security
| От | Tom Lane |
|---|---|
| Тема | Re: SE-PostgreSQL and row level security |
| Дата | |
| Msg-id | 16960.1234798448@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: SE-PostgreSQL and row level security ("Kevin Grittner" <Kevin.Grittner@wicourts.gov>) |
| Список | pgsql-hackers |
"Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
> Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> We have seen no evidence that anyone has a worked-out
>> set of design rules that make a SE-Postgres database secure against
>> these issues, so the whole thing is pie in the sky.
> I've seen several mentions of the rule "Don't use a column containing
> data you want to secure as part of the primary key." mentioned several
> times in these threads. I think that just might be the complete set.
> Can anyone show that it's not?
You've still got the burden of proof backwards... but just as a
counterexample to that phrasing, I'll note that FKs can be set up
against columns other than a primary key. If the attacker has
insert/update privilege then *any* unique constraint represents
a possible covert channel.
regards, tom lane
В списке pgsql-hackers по дате отправления: