Re: Force SSL / username combination

From: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>
To: Gregory Stark <stark(at)enterprisedb(dot)com>
Cc: pgsql-general(at)postgresql(dot)org, "Koen Vermeer" <koen(at)vermeer(dot)tv>
Subject: Re: Force SSL / username combination
Date: 2007-07-13 10:53:20
Message-ID: 200707130653.21162.xzilla@users.sourceforge.net
Lists: pgsql-general

On Friday 13 July 2007 05:21, Gregory Stark wrote:
> "Robert Treat" <xzilla(at)users(dot)sourceforge(dot)net> writes:
> > I'm guessing the lack of response is due to a lack of knowledge on the
> > topic. Personally I've never quite understood how you'd make use of the
> > sslinfo functions to manage connections without something like on commit
> > triggers, so I hope you'll consider submitting some documentation once
> > you figure it out.
>
> Well if you do the popular technique of doing everything through stored
> procedures (in our case plpgsql functions) then you can have those
> functions check. I don't like that approach myself though.
>

Right. This approach always seemed "too late" to me, since the user was
already connected at that point.

> You could also have a column with a default value which uses the sslinfo to
> retrieve the common name. Or you could have a trigger which throws an error
> if that function doesn't return a valid value. Either way you would be doing
> a lot more work than necessary since it would be checking every row, not
> once per session. And it wouldn't stop selects.
>
> I think what you really want is an ON CONNECT trigger for this.

lol! I surely meant ON CONNECT triggers above! I'm pretty sure PostgreSQL can
do "on commit" triggers right now. :-D

--
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL
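
The trigger approach described in the quoted text, written out as an added example that is not part of the original thread. The table name accounts and the function and trigger names are hypothetical; the sslinfo functions (ssl_is_used, ssl_client_cert_present, ssl_client_dn_field) are the contrib module's own. It assumes a PostgreSQL version with CREATE EXTENSION (9.1 or later).

```sql
-- Added example: reject writes unless the session is SSL-protected and the
-- client certificate's common name matches the login role.
CREATE EXTENSION IF NOT EXISTS sslinfo;

CREATE TABLE accounts (          -- hypothetical table to protect
    id    integer PRIMARY KEY,
    owner text NOT NULL
);

CREATE OR REPLACE FUNCTION require_ssl_cn_matches_user() RETURNS trigger
LANGUAGE plpgsql AS $$
DECLARE
    cn text;
BEGIN
    IF NOT ssl_is_used() THEN
        RAISE EXCEPTION 'write rejected: session for role % is not using SSL',
            session_user;
    END IF;

    IF NOT ssl_client_cert_present() THEN
        RAISE EXCEPTION 'write rejected: role % presented no client certificate',
            session_user;
    END IF;

    -- Returns NULL when the field is absent, so compare NULL-safely.
    cn := ssl_client_dn_field('commonName');
    IF cn IS DISTINCT FROM session_user::text THEN
        RAISE EXCEPTION 'write rejected: certificate CN % does not match role %',
            coalesce(cn, '(none)'), session_user;
    END IF;

    RETURN NULL;  -- return value is ignored for statement-level triggers
END;
$$;

-- Statement-level rather than row-level, so the check runs once per statement
-- instead of once per row. It still runs on every write, not once per session,
-- and it never fires for SELECT, which is the limitation raised in the thread.
CREATE TRIGGER accounts_require_ssl_cn
    BEFORE INSERT OR UPDATE OR DELETE ON accounts
    FOR EACH STATEMENT
    EXECUTE PROCEDURE require_ssl_cn_matches_user();
```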
