Re: "set role" semantics - Mailing list pgsql-general

From Bryn Llewellyn
Subject Re: "set role" semantics
Date
Msg-id 095E6036-23F6-42FD-B1C6-F5A56B69B8ED@yugabyte.com
Whole thread Raw
In response to Re: "set role" semantics  (Adrian Klaver <adrian.klaver@aklaver.com>)
List pgsql-general
> adrian.klaver@aklaver.com wrote:
>
>> bryn@yugabyte.com wrote:
>>
>> Anyway, all this is moot (except in that thinking about it helps me to enrich my mental model) because the privilege
notionshere will never change. 
>
> So, I want it but not really.

I’d rather say “I’d very much prefer it if I had it. But, because I don’t, I will have to write a comment essay to
explainwhat tests might show and why these outcomes that might seem worrisome at first sight can be seen, after an
exerciseof reasoning, to be harmless. I’m not a fan of that kind of essay writing. But I’ll do it if I have to. 

>> Yes I have actually done this. But rigorous testing remains to be done... The point (conforming to the principle of
leastprivilege) is that sessions that connect as "client" must not be allowed to do arbitrary SQL. Rather, they should
beable to do only what has been explicitly "white-listed" in by the encapsulation provided by the API-defining
subprograms.
>
> All right that I get.

Good. I’m relieved that you haven’t (yet) spotted a flaw in my scheme.


pgsql-general by date:

Previous
From: Julien Rouhaud
Date:
Subject: Re: List user databases
Next
From: Ian Lawrence Barwick
Date:
Subject: Re: List user databases