Home > mailing lists

Re: [v9.1] Add security hook on initialization of instance - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: [v9.1] Add security hook on initialization of instance
Date	July 9, 2010 14:52:32
Msg-id	20100709145222.GS21875@tamriel.snowman.net Whole thread Raw
In response to	Re: [v9.1] Add security hook on initialization of instance (Stephen Frost <sfrost@snowman.net>)
Responses	Re: [v9.1] Add security hook on initialization of instance Re: [v9.1] Add security hook on initialization of instance
List	pgsql-hackers

Tree view

* Stephen Frost (sfrost@snowman.net) wrote:
> Guess my first thought was that you'd have a database-level label that
> would be used by SELinux to validate a connection.  A second thought is
> labels for roles.  KaiGai, can you provide your thoughts on this
> discussion/approach/problems?  I realize it's come a bit far-afield from
> your original proposal.

Something else which has come up but is related is the ability to
support a "pam_tally"-like function in PG.  Basically, the ability to
lock users out if they've had too many failed login attempts.  I wonder
if we could add this hook (or maybe have more than one if necessary) in
a way to support a contrib module for that.
Thanks,
    Stephen

pgsql-hackers by date:

From: Simon Riggs
Date: 09 July 2010, 14:51:41
Subject: Re: [COMMITTERS] pgsql: Add a hook in ExecCheckRTPerms().

From: Yeb Havinga
Date: 09 July 2010, 14:56:30
Subject: FYI: Ubuntu 10.04 lucid strange segfault

Re: [v9.1] Add security hook on initialization of instance - Mailing list pgsql-hackers

Previous

Next