| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Nico Williams <nico(at)cryptonector(dot)com> |
| Cc: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Interest in a SECURITY DEFINER function current_user stack access mechanism? |
| Date: | 2017-10-18 21:13:29 |
| Message-ID: | CAKFQuwbTnbvbbzc4XNnJn7a+cpzDJMjia0J-k6dk3C4xwk2ncQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Oct 18, 2017 at 2:08 PM, Nico Williams <nico(at)cryptonector(dot)com>
wrote:
> On Wed, Oct 18, 2017 at 01:43:30PM -0700, David G. Johnston wrote:
>
> More useful than this, for me, would be a way to get the top-most user.
>
>
That would be "session_user"?
> Introducing the concept of a stack at the SQL level here seems, at
> > first glance, to be over-complicating things.
>
> Because of the current implementation of invocation of SECURITY DEFINER
> functions, a stack is trivial to build, since it's a list of nodes
> allocated on the C stack in fmgr_security_definer().
>
Not saying its difficult (or not) to code in C; but exposing that to SQL
seems like a big step.
If I was in position to dive deeper I wouldn't foreclose on the stack idea
but I'd be inclined to see if something else could be made to work with
reasonable effort.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nico Williams | 2017-10-18 21:30:22 | Re: Interest in a SECURITY DEFINER function current_user stack access mechanism? |
| Previous Message | Nico Williams | 2017-10-18 21:08:00 | Re: Interest in a SECURITY DEFINER function current_user stack access mechanism? |