| From: | Vik Fearing <vik(at)2ndquadrant(dot)fr> |
|---|---|
| To: | Joel Jacobson <joel(at)trustly(dot)com>, Jaime Casanova <jaime(dot)casanova(at)2ndquadrant(dot)com> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: autonomous transactions |
| Date: | 2016-08-31 22:12:57 |
| Message-ID: | 66e39c6e-8db3-548d-5fc5-3eb1154052a4@2ndquadrant.fr |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 08/31/2016 03:09 PM, Joel Jacobson wrote:
> On Wed, Aug 31, 2016 at 6:41 AM, Jaime Casanova
> <jaime(dot)casanova(at)2ndquadrant(dot)com> wrote:
>>
>> On 30 August 2016 at 23:10, Joel Jacobson <joel(at)trustly(dot)com> wrote:
>>>
>>> There should be a way to within the session and/or txn permanently
>>> block autonomous transactions.
>>>
>>
>> This will defeat one of the use cases of autonomous transactions: auditing
>
> My idea on how to deal with this would be to mark the function to be
> "AUTONOMOUS" similar to how a function is marked to be "PARALLEL
> SAFE",
> and to throw an error if a caller that has blocked autonomous
> transactions tries to call a function that is marked to be autonomous.
>
> That way none of the code that needs to be audited would ever get executed.
Part of what people want this for is to audit what people *try* to do.
We can already audit what they've actually done.
With your solution, we still wouldn't know when an unauthorized attempt
to do something happened.
--
Vik Fearing +33 6 46 75 15 36
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2016-08-31 22:15:16 | Re: _mdfd_getseg can be expensive |
| Previous Message | Andres Freund | 2016-08-31 22:08:33 | Re: _mdfd_getseg can be expensive |