| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Eric Hanson <eric(at)aquameta(dot)com>, Wolfgang Walther <walther(at)technowledgy(dot)de> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Subject: | Re: Proposal: Role Sandboxing for Secure Impersonation |
| Date: | 2024-12-04 19:02:08 |
| Message-ID: | 0ec7b642-4d0d-4304-9621-566e90ccf570@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 12/4/24 11:13, Eric Hanson wrote:
> Thanks all for the input so far. I think we are the "usual suspects" of
> advocating for this feature. :)
Yeah, I looked at the old thread and came to the same conclusion ;-)
However on that thread[1] Jelte and Robert expressed a preference to
accomplishing the goal via protocol changes. That is not my preference,
but it would be worth hearing from them how firm they are in their
resolve -- i.e. if we went down the path of adding grammar and support
along the lines discussed here will they seek to block it from being
committed? And similarly for others that have not spoken up at all.
I don't want to put a bunch of time and effort into something which is
ultimately a dead end due to fundamental objections (which is why I made
set_user an extension in the first place).
On the other hand, if there is a reasonable chance we can get buy in
given a high enough quality implementation, I would be excited to work
on it.
[1]
https://postgr.es/m/flat/CACA6kxgdzt-oForijaxfXHHhnZ1WBoVGMXVwFrJqUu-Hg3C-jA%40mail.gmail.com
--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2024-12-04 19:29:57 | Re: Potential ABI breakage in upcoming minor releases |
| Previous Message | Matheus Alcantara | 2024-12-04 18:44:51 | SCRAM pass-through authentication for postgres_fdw |