| From: | Michał Kłeczek <michal(at)kleczek(dot)org> |
|---|---|
| To: | Eric Hanson <eric(at)aquameta(dot)com> |
| Cc: | Wolfgang Walther <walther(at)technowledgy(dot)de>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Proposal: Role Sandboxing for Secure Impersonation |
| Date: | 2024-12-04 19:49:36 |
| Message-ID: | 89B3C4BA-60F0-4A73-ADAF-D8C89FBD563F@kleczek.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 4 Dec 2024, at 17:13, Eric Hanson <eric(at)aquameta(dot)com> wrote:
>
> On Mon, Dec 2, 2024 at 10:31 AM Wolfgang Walther <walther(at)technowledgy(dot)de <mailto:walther(at)technowledgy(dot)de>> wrote:
>> Eric Hanson:
>> > a) Transaction ("local") Sandbox:
>> > - SET LOCAL ROLE alice NO RESET;
>> > - SET LOCAL ROLE alice WITHOUT RESET;
[snip]
>> > c) "Guarded" Transaction/Session
>> > - SET [LOCAL] ROLE alice GUARDED BY reset_token;
>> > - RESET ROLE WITH TOKEN reset_token;
These are preferable options for PostgREST (at least as long as JWT based impersonation is implemented in Postgres).
>> >
>> > Guarded sandboxes are nice because the session can also exit the sandbox
>> > if it has the token.
>> d) SET [LOCAL] ROLE alice WITH <password>;
>>
PostgREST does not know alice's password as it performs JWT based authentication.
Regards
—
Michal
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-12-04 20:28:36 | Re: Potential ABI breakage in upcoming minor releases |
| Previous Message | Tom Lane | 2024-12-04 19:41:19 | Re: Cannot find a working 64-bit integer type on Illumos |