From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
Cc: | Antonin Houska <ah(at)cybertec(dot)at>, Peter Eisentraut <peter(at)eisentraut(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PoC] Federated Authn/z with OAUTHBEARER |
Date: | 2024-10-28 13:24:00 |
Message-ID: | 545ABDDE-8EA9-4CD5-8556-57C5681C4598@yesql.se |
Lists: | pgsql-hackers |

> On 25 Oct 2024, at 20:22, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:

> I have combed almost all of Daniel's feedback backwards into the main
> patch (just the new bzero code remains, with the open question
> upthread),

Re-reading I can't see a vector there, I guess I am just scarred from what
seemed to be harmless leaks in auth codepaths and treat every bit as
potentially important. Feel free to drop from the patchset for now.

> Next up is, hopefully, url-encoding. I hadn't realized what an
> absolute mess that would be [1].

Everything and anything involving urls is a hot mess =/

Looking more at the patchset I think we need to apply conditional compilation
of the backend for oauth like how we do with other opt-in schemes in configure
and meson. The attached .txt has a diff for making --with-oauth a requirement
for compiling support into backend libpq.

--
Daniel Gustafsson

Attachment | Content-Type | Size |
---|---|---|
backend_with_oauth.txt | text/plain | 5.4 KB |