Re: 8.4 release planning

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Josh Berkus <josh@agliodbs.com>
Cc: Stephen Frost <sfrost@snowman.net>, Gregory Stark <stark@enterprisedb.com>, Robert Haas <robertmhaas@gmail.com>, Simon Riggs <simon@2ndQuadrant.com>, Joshua Brindle <method@manicmethod.com>, Ron Mayer <rm_pg@cheapcomplexdevices.com>, "Joshua D. Drake" <jd@commandprompt.com>, Merlin Moncure <mmoncure@gmail.com>, "Jonah H. Harris" <jonah.harris@gmail.com>, Bruce Momjian <bruce@momjian.us>, Bernd Helmle <mailings@oopsware.de>, Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org
Date: 2009-01-27T18:44:46Z
Lists: pgsql-hackers
Josh Berkus <josh@agliodbs.com> writes:
> Stephen Frost wrote:
> It does seem weird to simply omit records rather than throw an error

> The presumption is that if you know the data exists but can't access it 
> directly, you'll use indirect methods to derive what it is.  But if you 
> don't even know it exists, then you won't look for it.

Right, which is why it's bad for something like a foreign key constraint
to expose the fact that the row does exist after all.

> There's a level above that which I don't think SEPostgres implements, 
> which is data substitution, in which you see different data according to 
> what security level you are.  While this may seem insane for a business 
> application, for military-support applications it makes some sense.

I think it might be possible to build such a thing using views, but I
agree that the patch doesn't give it to you for free.

			regards, tom lane