Why?
Posted Dec 10, 2009 14:00 UTC (Thu) by Baylink (guest, #755)
In reply to: Why? by cetialphav
Parent article: SELinux and PostgreSQL: a worthwhile union?
> A shim is much less flexible and may need to be changed (and have its security audited) every time the application needs to change how it accesses the database.
Correct.
But that's not a bug, it's a feature!<tm>
A shim can be expected, generally, to be *much* smaller than the code on either side of it -- by 2 or 3 orders of magnitude if not more, unless someone's done something horribly wrong -- and should therefore be *much* easier to prove correct.