* Gregory Stark <st...@enterprisedb.com> [081211 14:47]: > Peter Eisentraut <pete...@gmx.net> writes: > > > On Thursday 11 December 2008 18:32:50 Tom Lane wrote: > >> > How can we stick all of these in the same column at the same time? > >> > >> Why would we want to? > > > > Because we want to use SQL-based row access control and SELinux-based row > > access control at the same time. Isn't this exactly one of the objections > > upthread? Both must be available at the same time. > > Well I don't think anyone would actually want them *at the same time*. > Combining multiple security models would mean you aren't actually following > any security model.
Actually, I think people (or rather, systems) will. No "application" is going to want to use SE-linux, but "OS controllers" are... Just like now, the actual people/apps/etc rely on plain unix permissions, yet the distro still provides an SElinux policy that is "more restrictive yet"... Simlarly, SElinux is going to be used *on top* of any application that's out there, to try and enfoce the "no data coming in from a secure input" leaves through a "less secure output", irrespective of what app level security (and in this case, app-level being the SQL/SCHEMA/row-level) does itself... So, if row-level access comes to PG in any sql form, apps and others will use it (if only a few of them)... And se-linux on top of that will be used to try and enforce that the app hasn't made a mistake... a. -- Aidan Van Dyk Create like a god, ai...@highrise.ca command like a king, http://www.highrise.ca/ work like a slave.
signature.asc
Description: Digital signature
