From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Simon Riggs <simon(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, José Luis Tallón <jltallon(at)adv-solutions(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net> |
Subject: | Re: RFC: Non-user-resettable SET SESSION AUTHORISATION |
Date: | 2015-05-19 21:02:51 |
Message-ID: | CANP8+jLHtZbj1eFr=11fXjgtL=4_NzgcNgYAgZ__7D3GzkWDRA@mail.gmail.com |
Lists: | pgsql-hackers |
On 19 May 2015 at 16:49, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Tue, May 19, 2015 at 3:00 PM, Simon Riggs <simon(at)2ndquadrant(dot)com> wrote:
> > As long as the cookie is randomly generated for each use, then I don't see a
> > practical problem with that approach.
>
> If the client sets the cookie via an SQL command, that command would
> be written to the log, and displayed in pg_stat_activity. A malicious
> user might be able to get it from one of those places.
>
> A malicious user might also be able to just guess it. I don't really
> want to create a situation where any weakness in pgpool's random number
> generation becomes a privilege-escalation attack.
>
> A protocol extension avoids all of that trouble, and can be targeted for
> 9.6 just like any other approach we might come up with. I actually
> suspect the protocol extension will be FAR easier to fully secure, and
> thus less work, not more.

That's a reasonable argument. So +1 to protocol from me.

To satisfy Tom, I think this would need to have two modes: one where the
session can never be reset, for ultra security, and one where the session
can be reset, which allows security and speed of pooling.

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services