| From: | "Brindle, Joshua" <joshuqbr(at)amazon(dot)com> |
|---|---|
| To: | Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>, "Drouvot, Bertrand" <bdrouvot(at)amazon(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Patch proposal: New hooks in the connection path |
| Date: | 2022-07-05 13:27:06 |
| Message-ID: | 10b14623-7a17-a9ad-c57f-6f84ac578f0d@amazon.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 6/30/22 5:23 AM, Bharath Rupireddy wrote:
> <snip>
> On the security aspect, we must ensure we don't leak any sensitive
> information such as password or SSH key to the new hook - if PGPORT
> has this information, maybe we need to mask that structure a bit
> before handing it off to the hook.
Can you elaborate more on why you see this as necessary? Extensions run
in-process and have no real memory access limits, "masking", which
really means copying data to another struct, is just extra work and
overhead with no actual security gain, IMO.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Aleksander Alekseev | 2022-07-05 13:38:28 | Re: POC: Lock updated tuples in tuple_update() and tuple_delete() |
| Previous Message | Antonin Houska | 2022-07-05 13:24:25 | Re: Temporary file access API |