| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> | 
|---|---|
| To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> | 
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, Joseph Adams <joeyadams3(dot)14159(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org | 
| Subject: | Re: Proposal: access control jails (and introduction as aspiring GSoC student) | 
| Date: | 2010-03-24 00:16:07 | 
| Message-ID: | 10784.1269389767@sss.pgh.pa.us | 
| Lists: | pgsql-hackers | 
Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> I wonder if this is simpler now that we got rid of the flat files stuff.
> We could validate the user once we've connected to a database and thus
> able to poke at the local user catalog, not just the global one.  I
> think that was a serious roadblock.
I think it'd be a mistake to invent a separate catalog for local users;
what had been nice clean foreign key relationships (eg, relowner ->
pg_auth.oid) would suddenly become a swamp.
My first thought about a catalog representation would be to add a column
to pg_auth which is a DB OID for local users or zero for global users.
However, you'd probably want to prevent local users and global users
from having the same names, and it's not very clear how to do that
with this representation (though that'd be even worse with separate
catalogs).  I guess we could fall back on a creation-time check (ick).
regards, tom lane
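The representation sketched above (one catalog, an extra per-role column holding a database OID or zero) can be tried out on a toy table. The following is an added example for this archive page, not code from the thread or from PostgreSQL itself; the table name `toy_authid`, the column names `roloid`/`roldb`, the trigger and function names, and the sample database OIDs 16384 and 16385 are all made up for illustration.

```sql
-- Toy stand-in for pg_authid with the proposed extra column:
-- roldb is a database OID for local roles, 0 for global roles.
-- (table, column, function and trigger names are assumptions for this example)
CREATE TABLE toy_authid (
    roloid  serial PRIMARY KEY,
    rolname name   NOT NULL,
    roldb   oid    NOT NULL DEFAULT 0   -- 0 = global role
);

-- UNIQUE (rolname) alone would forbid the same local name in two different
-- databases, which is stricter than wanted. UNIQUE (rolname, roldb) permits
-- that, but also permits a local 'alice' alongside a global 'alice', which is
-- exactly the ambiguity the message is worried about.
CREATE UNIQUE INDEX toy_authid_name_db ON toy_authid (rolname, roldb);

-- The "creation-time check": refuse a global role whose name is already taken
-- by any local role, and a local role whose name is taken by a global role.
CREATE FUNCTION toy_authid_check() RETURNS trigger AS $$
BEGIN
    IF NEW.roldb = 0 THEN
        IF EXISTS (SELECT 1 FROM toy_authid
                   WHERE rolname = NEW.rolname AND roldb <> 0) THEN
            RAISE EXCEPTION 'global role "%" collides with a local role of the same name',
                NEW.rolname;
        END IF;
    ELSE
        IF EXISTS (SELECT 1 FROM toy_authid
                   WHERE rolname = NEW.rolname AND roldb = 0) THEN
            RAISE EXCEPTION 'local role "%" collides with the global role of the same name',
                NEW.rolname;
        END IF;
    END IF;
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER toy_authid_check
    BEFORE INSERT OR UPDATE ON toy_authid
    FOR EACH ROW EXECUTE FUNCTION toy_authid_check();   -- EXECUTE PROCEDURE before PG 11

-- Constructed sample data; 16384 and 16385 are made-up database OIDs.
INSERT INTO toy_authid (rolname, roldb) VALUES ('alice', 0);      -- global role: ok
INSERT INTO toy_authid (rolname, roldb) VALUES ('bob',   16384);  -- local to db 16384: ok
INSERT INTO toy_authid (rolname, roldb) VALUES ('bob',   16385);  -- same local name, other db: ok
INSERT INTO toy_authid (rolname, roldb) VALUES ('alice', 16384);  -- rejected by the trigger
INSERT INTO toy_authid (rolname, roldb) VALUES ('bob',   0);      -- rejected by the trigger
```

Run the statements one at a time in psql; the last two INSERTs raise the trigger's exception. Note what the unique index can and cannot express: the cross-database uniqueness rule ("no local name equals any global name") is not a simple key constraint, so it has to live in procedural code, and a trigger of this shape is not race-free on its own: two concurrent transactions creating 'carol' as global and as local can each pass the EXISTS check before the other commits, so a real implementation would also need a lock on the catalog (or an exclusion-style constraint). That is the reason a creation-time check is the fallback rather than the clean answer.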