From: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
---|---|
To: | Gregory Stark <stark(at)enterprisedb(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org, "Koen Vermeer" <koen(at)vermeer(dot)tv> |
Subject: | Re: Force SSL / username combination |
Date: | 2007-07-13 10:53:20 |
Message-ID: | 200707130653.21162.xzilla@users.sourceforge.net |
Lists: | pgsql-general |
On Friday 13 July 2007 05:21, Gregory Stark wrote:
> "Robert Treat" <xzilla(at)users(dot)sourceforge(dot)net> writes:
> > I'm guessing the lack of response is due to a lack of knowledge on the
> > topic. Personally I've never quite understood how you'd make use of the
> > sslinfo functions to manage connections without something like on commit
> > triggers, so I hope you'll consider submitting some documentation once
> > you figure it out.
>
> Well if you do the popular technique of doing everything through stored
> procedures (in our case plpgsql functions) then you can have those
> functions check. I don't like that approach myself though.
>
Right. This approach always seemed "too late" to me, since the user was
already connected at that point.

> You could also have a column with a default value which uses the sslinfo to
> retrieve the common name. Or you could have a trigger which throws an error
> if that function doesn't return a valid value. Either way you would be doing
> a lot more work than necessary since it would be checking every row, not
> once per session. And it wouldn't stop selects.
>
> I think what you really want is an ON CONNECT trigger for this.

lol! I surely meant ON CONNECT triggers above! I'm pretty sure PostgreSQL can
do "on commit" triggers right now. :-D
--
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL
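
The stored-procedure technique discussed in this message, sketched as an added example that is not part of the original email or of the PostgreSQL project: a guard function built on the sslinfo contrib functions, called at the top of a data-access function. The table `accounts` and the functions `require_ssl_cn` and `get_balance` are hypothetical names, and the sketch assumes each login role is named after its certificate's commonName.

```sql
-- Added example. Needs the sslinfo contrib module; CREATE EXTENSION is the
-- install syntax on current releases (older ones load the contrib SQL script).
CREATE EXTENSION IF NOT EXISTS sslinfo;

-- Guard: raise unless the session uses SSL and the client certificate's
-- commonName equals the login role.
CREATE OR REPLACE FUNCTION require_ssl_cn() RETURNS void
LANGUAGE plpgsql AS $$
DECLARE
    cn text;
BEGIN
    IF NOT ssl_is_used() THEN
        RAISE EXCEPTION 'SSL connection required for role %', session_user;
    END IF;
    IF NOT ssl_client_cert_present() THEN
        RAISE EXCEPTION 'client certificate required for role %', session_user;
    END IF;
    cn := ssl_client_dn_field('commonName');
    IF cn IS NULL OR cn <> session_user::text THEN
        RAISE EXCEPTION 'certificate CN "%" does not match role %',
            coalesce(cn, '(none)'), session_user;
    END IF;
END;
$$;

-- Hypothetical table reachable only through the function below.
CREATE TABLE accounts (
    id      int PRIMARY KEY,
    owner   text NOT NULL,
    balance numeric NOT NULL
);
REVOKE ALL ON accounts FROM PUBLIC;

-- Data-access function: the guard runs on every call, before any row is read.
-- session_user still reports the login role inside a SECURITY DEFINER function.
CREATE OR REPLACE FUNCTION get_balance(p_id int) RETURNS numeric
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = public, pg_temp AS $$
BEGIN
    PERFORM require_ssl_cn();
    RETURN (SELECT balance FROM accounts
            WHERE id = p_id AND owner = session_user::text);
END;
$$;
```

The check only covers access that goes through such functions, and it runs after the session is already established, which is the limitation both writers point out above.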