On Fri, 2008-11-07 at 13:19 -0500, Bruce Momjian wrote: > The security context on each row could be an optional column present > > only if HEAP_HASSECURITYCONTEXT is set (0x0010 see htup.h), just > like > > OIDs. Use a specific datatype rather than TEXT. That datatype could > be > > an identifier to pg_security. Security people have big databases > too, so > > we need to compress the security context more and take out parse > time of > > string handling. Don't think we should use Oids, they're too big. > Might > > be easier to use a 2byte field and restrict access to 32,000 > contexts, > > which is easily enough. TEXT also makes me nervous, just in case > there > > is some collation/encoding weirdness that allows contexts to be > > subverted. Fixed integers are hard to compromise in that respect. > > I think the security mechanism is more complex than just assigning a > single security identifier, but perhaps not; I am unsure.
Maybe. We already handle such complexity for comboids and multixacts, so I suggest we do the same thing here. Any system with more than 32,000 security contexts is going to be unmanageable and probably therefore insecure... -- Simon Riggs www.2ndQuadrant.com PostgreSQL Training, Services and Support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
