| From: | Nico Williams <nico(at)cryptonector(dot)com> |
|---|---|
| To: | Eric Hanson <eric(at)aquameta(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SET ROLE x NO RESET |
| Date: | 2024-01-03 23:40:43 |
| Message-ID: | ZZXwe/DzMqhFCDai@ubby |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Dec 30, 2023 at 10:16:59AM -0600, Eric Hanson wrote:
> What do you think of adding a NO RESET option to the SET ROLE command?
I've wanted this forever. Consider using this to implement user
authentication mechanisms in user-defined SQL functions that use `SET
ROLE` with `NO RESET` to "login" the user. One could implement JWT (or
whatever bearer token schemes) on the server side in PlPgSQL w/ pgcrypto
this way, with zero changes to PG itself, no protocol changes, etc.
For bearer token schemes one could acquire the token externally to the
client and then just `SELECT login(?)`, bind the token, and execute to
login.
Nico
--
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nico Williams | 2024-01-03 23:47:19 | Re: SET ROLE x NO RESET |
| Previous Message | Tom Lane | 2024-01-03 23:39:29 | Re: Add a perl function in Cluster.pm to generate WAL |