| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
| Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, José Luis Tallón <jltallon(at)adv-solutions(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: RFC: Non-user-resettable SET SESSION AUTHORISATION |
| Date: | 2015-05-20 15:21:09 |
| Message-ID: | CA+TgmoZmiQQQRPK79qwCWaxUYo=bbPVy1FJ+F4C7TWpBo=8FsQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, May 19, 2015 at 5:02 PM, Simon Riggs <simon(at)2ndquadrant(dot)com> wrote:
> That's a reasonable argument. So +1 to protocol from me.
>
> To satisfy Tom, I think this would need to have two modes: one where the
> session can never be reset, for ultra security, and one where the session
> can be reset, which allows security and speed of pooling.
I think the the second one is a lot more interesting, but I don't have
a problem with having the first one, too, if somebody wants it. We
can use one protocol message for both, with a 1-byte character field
used to indicate which mode the client is requesting.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2015-05-20 15:21:52 | Re: Disabling trust/ident authentication configure option |
| Previous Message | Bruno Harbulot | 2015-05-20 15:13:21 | Re: Problems with question marks in operators (JDBC, ECPG, ...) |