* Tom Lane (t...@sss.pgh.pa.us) wrote: > This seems to me to be exactly parallel to deciding that SELinux should > control only table/column permissions within SQL; an approach that would > be enormously less controversial, less expensive, and more reliable than > what SEPostgres tries to do.
While also ignoring a feature that is available, and used by these same security communities, in other enterprise RDBMSs... http://www.securityfocus.com/infocus/1743 http://www.microsoft.com/technet/prodtechnol/sql/2005/multisec.mspx It's not codified in the SQL spec (yet..) that I saw, and maybe we could seperate out the SE bits from the row-level bits, but I'm really not sure I see the value in doing that.. Stephen
signature.asc
Description: Digital signature