"Kevin Grittner" <kevin.gritt...@wicourts.gov> writes: > Tom Lane <t...@sss.pgh.pa.us> wrote: >> We have seen no evidence that anyone has a worked-out >> set of design rules that make a SE-Postgres database secure against >> these issues, so the whole thing is pie in the sky. > I've seen several mentions of the rule "Don't use a column containing > data you want to secure as part of the primary key." mentioned several > times in these threads. I think that just might be the complete set. > Can anyone show that it's not?
You've still got the burden of proof backwards... but just as a counterexample to that phrasing, I'll note that FKs can be set up against columns other than a primary key. If the attacker has insert/update privilege then *any* unique constraint represents a possible covert channel. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers