On Fri, 2008-11-07 at 16:52 -0500, Bruce Momjian wrote: > Simon, would you read the chapter on "covert channels"? You might > understand it better than I do and it might give you some ideas: > > http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.33.5950
OK, read that now. Looks to me the covert channel debate will remain open whichever we do. I agree with you that careful design avoids the problem, for the most part. Even without that, it appears we have enough to achieve certification. The only remaining problem for me now is the size of the security context column added to each row. I can accept a fixed length 4 byte value, but anything longer just seems that it will render this unusable. Normal apps should be able to benefit from row level security, as well as high-security apps. The additional row overhead is enough to prevent that, as well as put off many very large high security apps - which is catastrophic because many of them are very large these days. -- Simon Riggs www.2ndQuadrant.com PostgreSQL Training, Services and Support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
