Josh Berkus wrote:
Joshua, Kohei-san,
So, for 8.4: *if* we included in 8.4 a version of SEPostgres with all
features *except* row-level security, would it still be useful to the
SELinux community?
Yes, obviously.
I think the granularity of access controls is an aspect of security.
I think we're just not going to work out the headache-inducing issues
around row-level security in time for 8.4, and it seems to me that
integrated system-level security labels at the table-and-column level
are still very useful, even without row-level security.
For example, table-and-column level access control can provide such a
worth which enables to store customer's credit-card-number within
unaccessable column from all the web application (children of Apache)
but accessable from settlement system (child of crond).
It enables to prevent SQL injection to steal very sensitive info.
Thanks,
--
KaiGai Kohei <kai...@kaigai.gr.jp>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
