Re: security label support, revised
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Robert Haas <robertmhaas@gmail.com>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, KaiGai Kohei <kaigai@kaigai.gr.jp>, pgsql-hackers@postgresql.org
Date: 2010-09-23T18:06:52Z
Lists: pgsql-hackers
* Robert Haas (robertmhaas@gmail.com) wrote: > The point is that SECURITY LABEL, as coded, will fail utterly unless > there is a label provider loaded. So you can't actually run it and > check the results in the catalog without loading a contrib module. Urgh, yes, point. Well, we could test that it errors out correctly. :) Another thought might be to allow the "check if a module is loaded before doing things" to be a postgresql.conf option that is disabled in the regression testing.. If you can modify postgresql.conf you can remove the module anyway.. Interesting question as to if we should auto-fail queries against objects which have labels when no security module is loaded. Have we discussed that yet? Thanks, Stephen