| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jacob Champion <jchampion(at)timescale(dot)com> |
| Cc: | "Drouvot, Bertrand" <bdrouvot(at)amazon(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: SYSTEM_USER reserved word implementation |
| Date: | 2022-06-22 16:22:36 |
| Message-ID: | d92c878c-ace0-6abe-b39f-c7cc45be2939@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 6/22/22 11:52, Tom Lane wrote:
> Jacob Champion <jchampion(at)timescale(dot)com> writes:
>> On Wed, Jun 22, 2022 at 8:10 AM Joe Conway <mail(at)joeconway(dot)com> wrote:
>>> In case port->authn_id is NULL then the patch is returning the SESSION_USER for the SYSTEM_USER. Perhaps it should return NULL instead.
>
>> If the spec says that SYSTEM_USER "represents the operating system
>> user", but we don't actually know who that user was (authn_id is
>> NULL), then I think SYSTEM_USER should also be NULL so as not to
>> mislead auditors.
>
> Yeah, that seems like a fundamental type mismatch. If we don't know
> the OS user identifier, substituting a SQL role name is surely not
> the right thing.
+1 agreed
> I think a case could be made for ONLY returning non-null when authn_id
> represents some externally-verified identifier (OS user ID gotten via
> peer identification, Kerberos principal, etc).
But -1 on that.
I think any time we have a non-null authn_id we should expose it. Are
there examples of cases when we have authn_id but for some reason don't
trust the value of it?
--
Joe Conway
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2022-06-22 16:26:46 | Re: SYSTEM_USER reserved word implementation |
| Previous Message | Tom Lane | 2022-06-22 15:52:27 | Re: SYSTEM_USER reserved word implementation |