From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | Jacob Champion <pchampion(at)vmware(dot)com> |
Cc: | "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "rjuju123(at)gmail(dot)com" <rjuju123(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net> |
Subject: | Re: [PATCH] Expose port->authn_id to extensions and triggers |
Date: | 2022-03-29 23:53:32 |
Message-ID: | 20220329235332.z4q5hgv7jsmcavzv@alap3.anarazel.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi,
On 2022-03-29 23:38:29 +0000, Jacob Champion wrote:
> On Sat, 2022-03-26 at 11:36 -0700, Andres Freund wrote:
> > > I also note that exposing it as a GUC means we have zero control over
> > > who/what can read it. Maybe that's not a problem, but it needs to be
> > > thought about before we go down that path.
> >
> > Yes, I think that's a fair concern.
>
> I like that there's no builtin way, today, for a superuser to modify
> the internal value; it strengthens the use as an auditing tool. Moving
> this to a PGC_SU_BACKEND GUC seems to weaken that. And it looks like
> PGC_INTERNAL is skipped during the serialization, so if we chose that
> option, we'd need to write new code anyway?
It'd be pretty simple to change can_skip_gucvar()'s selection of what to
sync. E.g. an additional flag like GUC_PARALLEL_SYNCHRONIZE.
I'm not convinced that a GUC is the answer, to be clear.
> We'd also need to guess whether the GUC system's serialization of NULL
> as an empty string is likely to cause problems for any future auth
> methods.
You can't represent a NULL in a postgres 'text' datum, independent of
parallelism. So the current definition of pg_session_authn_id() already
precludes that (and set_authn_id() and ...). Honestly, I can't see a reason
why we should ever allow authn_id to contain a NULL byte.
Greetings,
Andres Freund
From | Date | Subject | |
---|---|---|---|
Next Message | David G. Johnston | 2022-03-30 00:06:24 | Re: pg_stat_reset_single_*_counters vs pg_stat_database.stats_reset |
Previous Message | Greg Stark | 2022-03-29 23:51:26 | Re: Temporary tables versus wraparound... again |