On 30.08.2013 22:57, Josh Berkus wrote:
Right now, the primary tool for doing row filtering for MTA is Veil,
which has numerous and well-known limitations. If RLS has fewer
limitations, or is easier to deploy, maintain, and/or understand, then
it's a valuable feature for that user base, even if it doesn't address
the covert channels we've brought up at all.
That is, if RLS is your*second* level of defense, instead of your
primary defense, covert channels are not a make-or-break issue. It just
has to be better than what we had before.
Note that I have NOT done an evaluation of Veil vs. RLS for MTA at this
point. I'm hoping someone else will ;-)
I'd also like to hear how Veil differs from RLS. From what I've
understood this far, they are the same in terms of what you can and
cannot do.
To phrase it differently: We already have RLS. It's shipped as an
extension called Veil. Now please explain what's wrong with that
statement, if anything.
- Heikki
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
