On Mon, Feb 16, 2009 at 12:18 PM, Robert Haas <robertmh...@gmail.com> wrote: > > With reference to row-level security, most of the complaining about > this feature has been along the lines of "I don't like the idea that > rows get filtered from my result-set that I didn't ask to have > filtered".
yeah! because was filtered by powers above yours... ;) i thing row level acl it's good feature for those that *really* need it, as every other solution this is not for everyone and could and will be misused sometimes... as far as the code maintain readibility and doesn't interfer in an instalation that doesn't include --enable-selinux i'm in favor of including it... > To me, the fact that you didn't have to ask seems like a > huge convenience, and I can't imagine why you'd want it otherwise. > Sure, the behavior needs to be documented, but that doesn't seem like > a big deal. > not only a convenience, it's a way to enforce policies that cannot be circumvented easily from programming (if you have very secret info that cost a lot, you can start being paranoic even of your own developing team ;) -- Atentamente, Jaime Casanova Soporte y capacitación de PostgreSQL AsesorÃa y desarrollo de sistemas Guayaquil - Ecuador Cel. +59387171157 -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
