Josh Berkus <[EMAIL PROTECTED]> writes: > Multilevel frameworks have concepts of data hiding and data substitution > based on labels. That is, if a user doesn't have permissions on data, > he's not merely supposed to be denied access to it, he's not even supposed > to know that the data exists. In extreme cases (think military / CIA use) > data at a lower security level should be substitited for the higher > security level data which the user isn't allowed. Silently.
Yeah, that's what I keep hearing that the spooks think they want. I can't imagine how it would play nice with SQL-standard integrity constraints. Data that apparently violates a foreign-key constraint, for example, would give someone a pretty good clue that there's something there he's not being allowed to see. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers