Re: [v9.1] Add security hook on initialization of instance - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: [v9.1] Add security hook on initialization of instance
Date
Msg-id 20100708133705.GN21875@tamriel.snowman.net
In response to Re: [v9.1] Add security hook on initialization of instance  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: [v9.1] Add security hook on initialization of instance
Re: [v9.1] Add security hook on initialization of instance
List pgsql-hackers

Robert,

* Robert Haas (robertmhaas@gmail.com) wrote:
> 2010/6/16 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> > OK, fair enough. Please wait for a few days.
> > I'll introduce the proof-of-concept module until this week.
>
> I think we have decided not to pursue this, at least for now.  If that
> is the case, the CommitFest entry should be updated to Returned with
> Feedback.

I think RwF is fine (since I think we're still waiting on another patch
anyway) for this commitfest.  I don't want to shut the door entirely on
this for 9.1, but a new/updated patch could be done in a later
commitfest.

> FWIW, I am still of the opinion that we shouldn't have a hook here
> anyway, because there is no reason to complain about lack of a
> security context until the user performs an action which requires them
> to have a security context.

I don't agree with this, in general.  It may be a difficult problem to
solve though.  From my perspective the above is similar to saying we
don't need a pg_hba.conf or that we should open a database before
checking the user's credentials.  I'd like to give a security module the
ability to be involved in the initial connection authorization, but we
run into an issue there if that module then needs access to the catalog.
Perhaps it doesn't, but it seems like it would, to use to make a
decision.

Thanks,
    Stephen
