Re: function body actors (was: [PERFORM] viewing source code)
| От | Tom Lane |
|---|---|
| Тема | Re: function body actors (was: [PERFORM] viewing source code) |
| Дата | |
| Msg-id | 6533.1198255663@sss.pgh.pa.us обсуждение |
| Ответ на | Re: function body actors (was: [PERFORM] viewing source code) (Andrew Sullivan <ajs@crankycanuck.ca>) |
| Список | pgsql-hackers |
Andrew Sullivan <ajs@crankycanuck.ca> writes:
> On Fri, Dec 21, 2007 at 12:09:28AM -0500, Merlin Moncure wrote:
>> Maybe a key management solution isn't required.
> I like this idea much better, because the same basic mechanism can be used
> for more than one thing, and it doesn't build in a system that is
> fundamentally weak. Of course, you _can_ build a weak system this way, but
> there's an important difference between building a fundamentally weak system
> and making weak systems possible.
I find myself unconvinced by this argument. The main problem is: how
do we know that it's possible to build a strong system atop this
mechanism? Just leaving it to non-security-savvy users seems to me
to be a great way to guarantee a lot of weak systems in the field.
ISTM our minimum responsibility would be to design and document how
to build a strong protection system using the feature ... and at that
point why not build it in?
I've certainly got no objection to making a mechanism that can be used
for more than one purpose; but not offering a complete security solution
is abdicating our responsibility.
regards, tom lane
В списке pgsql-hackers по дате отправления: