| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, José Luis Tallón <jltallon(at)adv-solutions(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: RFC: Non-user-resettable SET SESSION AUTHORISATION |
| Date: | 2015-05-19 16:29:47 |
| Message-ID: | 20150519162947.GQ9584@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2015-05-19 10:53:10 -0400, Robert Haas wrote:
> That seems like a kludge to me. If the cookie leaks out somhow, which
> it will, then it'll be insecure. I think the way to do this is with a
> protocol extension that poolers can enable on request. Then they can
> just refuse to forward any "reset authorization" packets they get from
> their client. There's no backward-compatibility break because the
> pooler can know, from the server version, whether the server is new
> enough to support the new protocol messages.
That sounds like a worse approach to me. Don't you just need to hide the
session authorization bit in a function serverside to circumvent that?
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2015-05-19 16:43:54 | Re: a few thoughts on the schedule |
| Previous Message | Tom Lane | 2015-05-19 16:21:26 | Re: errmsg() clobbers errno |