On Mon, 2009-01-26 at 22:55 -0500, Tom Lane wrote: > Silently filtering out rows according to an arbitrary security policy > can break a bunch of fundamental SQL semantics, the most obvious being > foreign key constraints
That was exactly my reaction when I read the way it worked and I was ready to reject the patch as a result. Bruce and KaiGai provided documents that discuss the problem and it's a clearly a known issue in the security community. Specifically, it hasn't prevented Oracle from gaining security Certification and it shouldn't prevent us either. In the end it's the certification that matters here, rather than a general review of what database security is, or could be. I've seen enough to be happy that KaiGai has done a thorough job on *attempting* to address the needs of the security people. Passing security audit is the real test and I won't be beating him up if we do miss slightly. We have to try, otherwise we'll never know. My concerns are all about what it does to our code and the impacts of that. These are things we know how to check. -- Simon Riggs www.2ndQuadrant.com PostgreSQL Training, Services and Support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers