Josh Berkus wrote:
> Joshua,
>
>> So the security model has been looked at, though not the
>> implementation and we do have a community of developers, users and
>> customers interested in this work.
>
> Can you please take a look at it ASAP, then? In the next week, we will
> probably decide on whether or not to defer SEPostgres until 8.5. The
> fact that we haven't gotten a sign-off from any security expert anywhere
> is leaning the whole community towards "defer".
>
Yes, I will look at them to the extent I am able. As I am not familiar with the
postgresql codebase I won't be able to assert the correctness of the hook
placement (that is, where the security functions are called with respect to the
data they are protecting being accessed). The postgresql community should be
more familiar with the hook call sites and hopefully can assist there.
I should be able to handle the security backend and determining whether it
matches the security model we agreed on, but the hook placement is just as
important since a misplaced or missing hook will allow access that should not be
granted.
Joshua Brindle