On Tue, 2009-01-27 at 13:57 -0500, Joshua Brindle wrote: > Josh Berkus wrote: > > Josh, > > > >> We do not consider that a short coming, anyone who needs to hide > >> existence of files needs to set up their directory structure to > >> disallow read/search/create on the directories they aren't allowed to > >> discover filenames in. Polyinstanciation can also address this issue. > > > > Hmmm. Why try to hide individual rows in tables then? That would seem > > not in keeping with the filesystem policies. > > > > Because rows have data in them. It is analogous to not allowing the contents > of > the file to be visible. However, the primary key is still known to exist > through > various means, which is more analogous to the filename.
Since most keys are likely to be non-meaningful IDs, its not going to help you much. And besides, all you have to do is reserve key ranges for different security levels so there would never be any overlap. So its not really even a difficult problem to get around. -- Simon Riggs www.2ndQuadrant.com PostgreSQL Training, Services and Support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
