Re: 8.4 release planning

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Simon Riggs <simon@2ndQuadrant.com>
Cc: Joshua Brindle <method@manicmethod.com>, Ron Mayer <rm_pg@cheapcomplexdevices.com>, Josh Berkus <josh@agliodbs.com>, "Joshua D. Drake" <jd@commandprompt.com>, Robert Haas <robertmhaas@gmail.com>, Merlin Moncure <mmoncure@gmail.com>, "Jonah H. Harris" <jonah.harris@gmail.com>, Gregory Stark <stark@enterprisedb.com>, Bruce Momjian <bruce@momjian.us>, Bernd Helmle <mailings@oopsware.de>, Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org
Date: 2009-01-27T16:26:18Z
Lists: pgsql-hackers
Simon Riggs <simon@2ndQuadrant.com> writes:
> On Mon, 2009-01-26 at 22:55 -0500, Tom Lane wrote:
>> Silently filtering out rows according to an arbitrary security policy
>> can break a bunch of fundamental SQL semantics, the most obvious being
>> foreign key constraints

> That was exactly my reaction when I read the way it worked and I was
> ready to reject the patch as a result. Bruce and KaiGai provided
> documents that discuss the problem and it's a clearly a known issue in
> the security community. Specifically, it hasn't prevented Oracle from
> gaining security Certification and it shouldn't prevent us either. In
> the end it's the certification that matters here, rather than a general
> review of what database security is, or could be.

Yeah, people like certification, but they also like products that work.
Did you stop reading before getting to my non-security-based complaints?

			regards, tom lane