On Tue, Jan 27, 2009 at 11:49 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Robert Haas <robertmh...@gmail.com> writes: >>> Yeah, people like certification, but they also like products that work. >>> Did you stop reading before getting to my non-security-based complaints? > >> I read them, but I suspect they are issues that can be addressed. How >> would any of this affect join removal, anyway? > > It would prevent us from making optimizations that assume foreign key > constraints hold; which is a performance issue not a covert-channel > issue.
Oh, I see now. That problem is going to be common to row-level DAC and SE-PostgreSQL proper. It would not surprise me if any sort of row-level access control turns out to be bad for performance, but mainly because the overhead of checking permissions on every tuple is bound to cost something. If some day we have join removal and it has to be disabled when row-level access control is turned on, those users will be no worse off than they are today: no join removal. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers