Robert Haas wrote:
FWIW, pretty much +1 from me on everything in here; I think this is
definitely going in the right direction. It's not the size of the
patches that matter; it's the complexity and difficulty of verifying
that they don't break anything. And it's not cumulative: three easy
patches are better than one hard one, as long as they're really
self-contained.
The idea of restructuring the aclcheck mechanism to support sepgsql
is, IMO, brilliant.
As I noted in the reply to Stephen Frost, "what should be controled"
(e.g, ALTER TABLE) and "how to check it" (e.g, ownership based control)
are different things.
If we go on the direction to restructure the current aclcheck mechanism
and to integrate entry points of security features into a single file,
I really really want an implementation independent layer which focuses
on access controls.
Thanks,
--
KaiGai Kohei <kai...@kaigai.gr.jp>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
