On 17 December 2013 17:03, Robert Haas <robertmh...@gmail.com> wrote: > On Mon, Dec 16, 2013 at 3:12 PM, Gregory Smith <gregsmithpg...@gmail.com> > wrote: >> On 12/16/13 9:36 AM, Craig Ringer wrote: >>> >>> - Finish and commit updatable security barrier views. I've still got a >>> lot of straightening out to do there. >> >> I don't follow why you've put this part first. It has a lot of new >> development and the risks that go along with that, but the POC projects I've >> been testing are more interested in the view side issues. > > I don't really see a way that any of this can work without that. To > be clear, that work is required even just for read-side security.
Not sure I'd say required, but its certainly desirable to have updateable security barrier views in themselves. And it comes across to me as a cleaner and potentially more performant way of doing the security checks for RLS. So I think its the right thing to do to wait for this, even if we can't do that for 9.4 Realistically, we have a significant amount of work before we're ready to pass a high security audit based around these features. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
