Re: sepgsql contrib module
Kohei KaiGai <kaigai@kaigai.gr.jp>
From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: Simon Riggs <simon@2ndQuadrant.com>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, Robert Haas <robertmhaas@gmail.com>, PgHacker <pgsql-hackers@postgresql.org>
Date: 2010-12-30T01:15:08Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
pgindent run for 9.0, second run
- 239d769e7e05 9.0.0 cited
(2010/12/30 9:34), Simon Riggs wrote: > On Thu, 2010-12-30 at 09:26 +0900, KaiGai Kohei wrote: > >>> What happens if someone alters the configuration so that the sepgsql >>> plugin is no longer installed. Does the hidden data become visible? >>> >> Yes. If sepgsql plugin is uninstalled, the hidden data become visible. >> But no matter. Since only a person who is allowed to edit postgresql.conf >> can uninstall it, we cannot uninstall it in run-time. >> (An exception is loading a malicious module, but we will be able to >> hook this operation in the future version.) > > IMHO all security labels should be invisible if the provider is not > installed correctly. > Probably, it needs row-level granularity to control visibility of each entries of pg_seclabel, because all the provider shares same system catalog. So, I don't think this mechanism is feasible right now. > That at least prevents us from accidentally de-installing a module and > having top secret data be widely available. > > If you have multiple providers configured, you need to be careful not to > allow a provider that incorrectly implements the plugin API, so that > prior plugins are no longer effective. > Yep. It is responsibility of DBA who tries to set up security providers. DBA has to install only trustable or well-debugged modules (not limited to security providers) to avoid troubles. Thanks, -- KaiGai Kohei <kaigai@kaigai.gr.jp>