Re: security hook on table creation
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: KaiGai Kohei <kaigai@kaigai.gr.jp>
Cc: Robert Haas <robertmhaas@gmail.com>, KaiGai Kohei <kaigai@ak.jp.nec.com>, Alvaro Herrera <alvherre@commandprompt.com>, PgSQL-Hackers <pgsql-hackers@postgresql.org>, Joshua Brindle <method@manicmethod.com>, "David P. Quigley" <dpquigl@tycho.nsa.gov>
Date: 2010-10-15T13:04:22Z
Lists: pgsql-hackers
KaiGai, * KaiGai Kohei (kaigai@kaigai.gr.jp) wrote: > However, it requires the plugin modules need to know everything; > such as what is visible/invisible. It seems to me too closely- > coupled interface. I agree with Robert on this one. We're not trying to design a wholly independent security module system for any project to pick up and use here. We're discussing hooks to go into PostgreSQL to support a PostgreSQL security module. In other words, I don't think we need to worry over if the PG-SELinux security module could be re-used for another project or is too "PG specific". If it's *not* very PG specific then something is wrong. The issues we're talking about with regard to MVCC, visibility, etc, would all be applicable to any serious database anyway. Thanks, Stephen