On Fri, Nov 07, 2008 at 01:50:18PM +0000, Simon Riggs wrote: > How will unique indexes work? Do you implicitly add security context as > last column on every unique index, or does the uniqueness violation only > occurs within security contexts, or does the uniqueness violation tested > against all contextx that the inserter can currently see? Is there a > change to system catalogs?
The wiki clearly states that the unique test is prior to any filtering. Anything else seems crazy to me. http://wiki.postgresql.org/wiki/SEPostgreSQL#Unique_constraint > Foreign Key deletions could be handled correctly if you treat them as > updates. If we have the following example Why? If a client does a delete and the database says OK, the tuple should be gone, *for everyone*. http://wiki.postgresql.org/wiki/SEPostgreSQL#Foreign_Key_constraint It is the responsibility of the DB administrator to worry about covert channels. Have a nice day, -- Martijn van Oosterhout <[EMAIL PROTECTED]> http://svana.org/kleptog/ > Please line up in a tree and maintain the heap invariant while > boarding. Thank you for flying nlogn airlines.
signature.asc
Description: Digital signature
