Re: security hook on table creation

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: KaiGai Kohei <kaigai@kaigai.gr.jp>
Cc: Robert Haas <robertmhaas@gmail.com>, KaiGai Kohei <kaigai@ak.jp.nec.com>, Alvaro Herrera <alvherre@commandprompt.com>, PgSQL-Hackers <pgsql-hackers@postgresql.org>, Joshua Brindle <method@manicmethod.com>, "David P. Quigley" <dpquigl@tycho.nsa.gov>
Date: 2010-10-15T13:04:22Z
Lists: pgsql-hackers
KaiGai,

* KaiGai Kohei (kaigai@kaigai.gr.jp) wrote:
> However, it requires the plugin modules need to know everything;
> such as what is visible/invisible. It seems to me too closely-
> coupled interface.

I agree with Robert on this one.  We're not trying to design a wholly
independent security module system for any project to pick up and use
here.  We're discussing hooks to go into PostgreSQL to support a
PostgreSQL security module.  In other words, I don't think we need to
worry over if the PG-SELinux security module could be re-used for
another project or is too "PG specific".  If it's *not* very PG
specific then something is wrong.

The issues we're talking about with regard to MVCC, visibility, etc,
would all be applicable to any serious database anyway.

	Thanks,

		Stephen