Quick Links

Re: Proposal: access control jails (and introduction as aspiring GSoC student)

From:	Robert Haas <robertmhaas(at)gmail(dot)com>
To:	Josh Berkus <josh(at)agliodbs(dot)com>
Cc:	Joseph Adams <joeyadams3(dot)14159(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Proposal: access control jails (and introduction as aspiring GSoC student)
Date:	2010-03-23 17:42:49
Message-ID:	603c8f071003231042y3da3536ufcf0c7c691489a55@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Tue, Mar 23, 2010 at 1:28 PM, Josh Berkus <josh(at)agliodbs(dot)com> wrote:
> I don't think that the idea of turning on the jail mode via a
> session-level switch works, given the realities of connection pooling.
> Also, I do not believe that we currently have any USERSET variable which
> can be turned on but not off, so that would require adding a whole new mode.

I think this could be done with an assign hook.

> BTW, if you wanted something less ambitious, we have a longstanding
> request to implement "local superuser", that is, the ability to give one
> role the ability to edit other roles in one database only.

But roles aren't database-specific... they're globals.

...Robert

In response to

Re: Proposal: access control jails (and introduction as aspiring GSoC student) at 2010-03-23 17:28:34 from Josh Berkus

Responses

Re: Proposal: access control jails (and introduction as aspiring GSoC student) at 2010-03-23 18:43:58 from Alvaro Herrera

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Gokulakannan Somasundaram	2010-03-23 17:43:06	Re: Deadlock possibility in _bt_check_unique?
Previous Message	Robert Haas	2010-03-23 17:41:30	Re: 9.0 release notes done