| From: | Dmitry Igrishin <dmitigr(at)gmail(dot)com> |
|---|---|
| To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
| Cc: | oleg yusim <olegyusim(at)gmail(dot)com>, PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Session Identifiers |
| Date: | 2015-12-20 17:56:04 |
| Message-ID: | CAAfz9KNQp8SsM44fjUVO_GDUx_Ou-K2uh0NtZm5Fr0s4aLga9Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
2015-12-20 19:44 GMT+03:00 Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>:
>
>
> 2015-12-20 17:30 GMT+01:00 Dmitry Igrishin <dmitigr(at)gmail(dot)com>:
>
>> Can be totally different if you use some connection pooler like pgpool or
>>> pgbouncer - these applications can reuse Postgres server sessions for more
>>> user sessions.
>>>
>> BTW, AFAIK, it's not possible to change the session authentication
>> information by
>> using SET SESSION AUTHORIZATION [1] if the current user is not a
>> superuser.
>> But it would be very nice to have a feature to change the session
>> authorization
>> of current user even without superuser's privilege by supplying a
>> password of
>> the user specified in SET SESSION AUTHORIZATION. This feature allows
>> to use PostgreSQL's native privileges via connection pools -- i.e. without
>> needs to open a dedicated connection for authenticated user. Is it
>> possible
>> to implement it?
>>
>
> there is a workaround with security definer function and SET role TO ?
>
No there isn't. According to [2] "SET ROLE cannot be used within SECURITY
DEFINER function". Furthermore, SET ROLE doesn't affects the session_user's
function result which can be used by a logic.
[2] http://www.postgresql.org/docs/9.4/static/sql-set-role.html
--
// Dmitry.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2015-12-20 18:00:55 | Re: Session Identifiers |
| Previous Message | Pavel Stehule | 2015-12-20 17:53:56 | Re: Session Identifiers |