| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Two-phase commit security restrictions |
| Date: | 2004-10-13 15:13:20 |
| Message-ID: | Pine.OSF.4.61.0410131758040.32604@kosh.hut.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
What kind of security restrictions do we want for prepared transactions?
Who has the right to finish a transaction that was started by user A? At
least the original user, I suppose, but who else?
Under what account is the transaction manager typically going to run? A
separate TM account perhaps?
Do we need a "GRANT TRANSACTION" command to give permission to finish 2PC
transcations?
Another approach I've been thinking about is to allow anyone that knows
the (user-supplied) global transaction identifier to finish the
transaction, and hide the gids of running transactions from regular users.
That way, the gid acts as a secret token that's only known by the
transaction manager, much like the cancel key.
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-10-13 16:18:08 | Why we still see some reports of "could not access transaction status" |
| Previous Message | Marcos A Vaz Salles | 2004-10-13 14:42:54 | Re: Hypothetical Indexes |