Re: RFC: Non-user-resettable SET SESSION AUTHORISATION

From: José Luis Tallón <jltallon(at)adv-solutions(dot)net>
To: Simon Riggs <simon(at)2ndQuadrant(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: RFC: Non-user-resettable SET SESSION AUTHORISATION
Date: 2015-05-19 20:33:59
Message-ID: 555B9E37.9060104@adv-solutions.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 05/19/2015 09:00 PM, Simon Riggs wrote:
> [snip]
>
>
> I think the idea of having SET SESSION AUTH pass a cookie, and
> only let
> RESET SESSION AUTH work when the same cookie is supplied, is pretty
> reasonable.
>
>
> As long as the cookie is randomly generated for each use, then I don't
> see a practical problem with that approach.
>
> Protocol level solution means we have to wait 1.5 years before anybody
> can begin using that. I'm also dubious that a small hole in the
> protocol arrangements could slam that door shut because we couldn't
> easily backpatch.
>
> Having an in-core pooler would be just wonderful because then we could
> more easily trust it and we wouldn't need to worry.

Ufff.... Please don't do that.
Postgres is "just" a database. And a very good one at that. Let us keep
it that way and not try to re-implement everything within it --- We're
not "the big red company" after all :)

There are places where a pooler is badly needed.... and others where it
is just overkill and counterproductive.
Plus, scalability models / usage patterns are not nearly the same (nor
even compatible sometimes!) between databases and poolers.

There exist perfectly good solutions already (and they can certainly be
improved), such as PgBouncer (or even PgPool-II) or others can be adopted.

Just my .02€

/ J.L.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Kevin Grittner 2015-05-19 20:36:10 Re: Problems with question marks in operators (JDBC, ECPG, ...)
Previous Message Peter Geoghegan 2015-05-19 20:21:38 Re: Per row status during INSERT .. ON CONFLICT UPDATE?