From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Marko Kreen <markokr(at)gmail(dot)com> |
Cc: | Simon Riggs <simon(at)2ndquadrant(dot)com>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Successor of MD5 authentication, let's use SCRAM |
Date: | 2012-10-12 19:47:12 |
Message-ID: | 20121012194712.GS29165@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Marko Kreen (markokr(at)gmail(dot)com) wrote:
> As it works only on connect
> time, it can actually be secure, unlike user switching
> with SET ROLE.
I'm guessing your issue with SET ROLE is that a RESET ROLE can be issued
later..? If so, I'd suggest that we look at fixing that, but realize it
could break poolers. For that matter, I'm not sure how the proposal to
allow connections to be authenticated as one user but authorized as
another (which we actually already support in some cases, eg: peer)
*wouldn't* break poolers, unless you're suggesting they either use a
separate connection for every user, or reconnect every time, both of
which strike me as defeating a great deal of the point of having a
pooler in the first place...
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Pavel Stehule | 2012-10-12 19:52:54 | [PATCH] assign result of query to psql variable |
Previous Message | Stephen Frost | 2012-10-12 19:44:06 | Re: Successor of MD5 authentication, let's use SCRAM |