Bruce Momjian wrote:
The bulk of the patch is in sepostgresql-sepgsql-8.4devel-3-r1043.patch,
which modifies the backend. About 30% of it or 3k lines modify our
backend, and the rest are indepdendent support routines in their own C
files.
The 3k lines (which is named as PGACE security framework) part was provided
as separated patches, but I was pointed out it requires reviewers to see
two files in same time. So, these were integrated into one.
Ah, OK. I think we need to decide:
1) When are we getting column-level permissions that you can
plug into?
Please note that SE-PostgreSQL checks its column-level permission *after* VIEWs
are expanded, because it focuses on "what" object is accessed, not "how".
Thus, it walks on the query tree just after QueryRewrite() to pick up columns
to be refered in this query.
The term is same, but it's unclear for me whether it can share the code based
on SQL standards, or not.
(In my opinion, it is not a matter, just a difference in security model.)
> 2) Do we want row-level permissions at the SQL level?
Now I'm working for it and will submit patches due to the end of Oct,
if it is really required to make progress reviewing of SE-PostgreSQL
on the v8.4 development cycle.
However, the scale of its demand is unclear for me.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <[EMAIL PROTECTED]>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
