Re: sepgsql contrib module

Simon Riggs <simon@2ndquadrant.com>

From: Simon Riggs <simon@2ndQuadrant.com>
To: KaiGai Kohei <kaigai@kaigai.gr.jp>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, Robert Haas <robertmhaas@gmail.com>, PgHacker <pgsql-hackers@postgresql.org>
Date: 2010-12-30T00:34:36Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. pgindent run for 9.0, second run

On Thu, 2010-12-30 at 09:26 +0900, KaiGai Kohei wrote:

> > What happens if someone alters the configuration so that the sepgsql
> > plugin is no longer installed. Does the hidden data become visible?
> >
> Yes. If sepgsql plugin is uninstalled, the hidden data become visible.
> But no matter. Since only a person who is allowed to edit postgresql.conf
> can uninstall it, we cannot uninstall it in run-time.
> (An exception is loading a malicious module, but we will be able to
> hook this operation in the future version.)

IMHO all security labels should be invisible if the provider is not
installed correctly.

That at least prevents us from accidentally de-installing a module and
having top secret data be widely available.

If you have multiple providers configured, you need to be careful not to
allow a provider that incorrectly implements the plugin API, so that
prior plugins are no longer effective.

-- 
 Simon Riggs           http://www.2ndQuadrant.com/books/
 PostgreSQL Development, 24x7 Support, Training and Services