btw, there is serious problem with row-level security and constraints. For example, user with low security level could use unique constraint to know about existence of a row with higher security. I don't know, what is the best practice to avoid this.
On Wed, Aug 28, 2013 at 1:37 AM, Greg Smith <g...@2ndquadrant.com> wrote: > On 7/20/13 10:08 AM, Kohei KaiGai wrote: > >> Hmm. I didn't have this idea. It seems to me fair enough and kills >> necessity to enhance RangeTblEntry and getrelid() indeed. >> I try to fix up this implementation according to your suggestion. >> > > How is that going? I'm going to do a serious review of this myself over > the next few weeks. I have a good chunk of time set aside for it as part > of a larger project. I'm hoping to get more people here involved in that > effort too, starting in the November CF if that works out. > > I've been trying to catch up with your larger plan for this feature for > 9.4. You made this comment earlier: > > > Also, I'd like to have discussion for this feature in earlier half of > > v9.4 to keep time for the remaining features, such as check on > > writer-side, integration with selinux, and so on > > Is any of that code around yet? I see that you have split your > submissions so that a smaller program can be reviewed today. I'd like to > start taking a look at the next step too though. For the project I'm > starting to work on here, getting the integration with labeling also done > is a very important thing to target for 9.4. It would be nice to see how > that fits together today, even if the code for it isn't being reviewed > heavily yet. > > I don't quite understand yet what's missing on the writer side. If you > could help explain what's missing there, I would like to read about that. > > -- > Greg Smith 2ndQuadrant US g...@2ndquadrant.com Baltimore, MD > PostgreSQL Training, Services, and 24x7 Support www.2ndQuadrant.com > > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/**mailpref/pgsql-hackers<http://www.postgresql.org/mailpref/pgsql-hackers> >
