Re: [v9.4] row level security

From Tom Lane
Subject Re: [v9.4] row level security
Date
Msg-id 9787.1377797318@sss.pgh.pa.us
In reply to Re: [v9.4] row level security  (Josh Berkus <josh@agliodbs.com>)
Responses Re: [v9.4] row level security  (Kohei KaiGai <kaigai@kaigai.gr.jp>)
List pgsql-hackers
Josh Berkus <josh@agliodbs.com> writes:
>> That would close only one covert channel.  Others were already pointed out
>> upthread, and I'll bet there are more ...

> Mind you, fundamentally this is no different from allowing INSERT
> permission on a table but denying SELECT, or denying SELECT on certain
> columns.  In either case, covert channels for some data are available.

Certainly.  But INSERT's purpose in life is not to prevent people from
inferring what data is in the table.  What we have to ask here is whether
a "row level security" feature that doesn't deal with these real-world
attack techniques is worth having.
        regards, tom lane


