-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 20 Dec 2007 13:45:08 -0600 "Roberts, Jon" <Jon.Roberts@xxxxxxxxxxx> wrote: > I think it is foolish to not make PostgreSQL as feature rich when it > comes to security as the competition because you are idealistic when > it comes to the concept of source code. PostgreSQL is better in many > ways to MS SQL Server and equal to many features of Oracle but when > it comes to security, it is closer to MS Access. If this were true, we would be in a lot more trouble than what you are presenting here. Let's think about what PostgreSQL supports.... GSSAPI Kerberos SSL PAM Role based security Security definer functions Data based views (ability to assign restrictions to particular roles via views) External security providers ... Sounds like you have some reading to do before you make broad assumptions about PostgreSQL security. Everything you want to do is possible with Postgresql today. You may have write an executor function to hide your code but you can do it. You may not be able to do it with plpgsql but you certainly could with any of the other procedural languages. Sincerely, Joshua D. Drake - -- The PostgreSQL Company: Since 1997, http://www.commandprompt.com/ Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240 Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate SELECT 'Training', 'Consulting' FROM vendor WHERE name = 'CMD' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHashRATb/zqfZUUQRAmlRAJoDWr44yld8Ow2qdcvoUdtMiOs5AgCfQ/e7 4OGIPE6ZAHPQPCQ/Mc/dusk= =73a1 -----END PGP SIGNATURE----- ---------------------------(end of broadcast)---------------------------TIP 4: Have you searched our list archives? http://archives.postgresql.org
