From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [v9.1] Add security hook on initialization of instance |
Date: | 2010-07-08 14:54:46 |
Message-ID: | AANLkTikIUmLD0swvFSpMg8eLCULtHO6O8IWHpCq-yLIv@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Jul 8, 2010 at 10:48 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> I think we have to assume that whatever actions a pluggable security
>> provider might take at authentication time are going to be based on
>> information from outside the database.
>
> I feel that would be perfect for 9.1 and supporting access to the
> general catalog is something that, if we figure out a sane way to
> do it, we could always add later (if there's demand, etc).
>
> For those bits of the catalog which *do* meet the requirements you
> mention, I hope it'll be possible for the security module to access
> them? Does make me wonder if we might consider adding a field to those
> to support a label rather than trying to figure out a way for a third
> party to provide a shared/nailed relation.
I'm not sure what the best thing to do about this is. I think it
might be a good idea to start with some discussion of what problems
people are trying to solve (hopefully N > 1?) and then try to figure
out what a good solution might look like.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2010-07-08 14:58:09 | Re: [v9.1] Add security hook on initialization of instance |
Previous Message | Stephen Frost | 2010-07-08 14:48:26 | Re: [v9.1] Add security hook on initialization of instance |