Home > mailing lists

Re: RFC: Non-user-resettable SET SESSION AUTHORISATION - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: RFC: Non-user-resettable SET SESSION AUTHORISATION
Date	May 19, 2015 19:29:55
Msg-id	20150519162947.GQ9584@alap3.anarazel.de Whole thread Raw
In response to	Re: RFC: Non-user-resettable SET SESSION AUTHORISATION (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: RFC: Non-user-resettable SET SESSION AUTHORISATION (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

On 2015-05-19 10:53:10 -0400, Robert Haas wrote:
> That seems like a kludge to me.  If the cookie leaks out somhow, which
> it will, then it'll be insecure.  I think the way to do this is with a
> protocol extension that poolers can enable on request.  Then they can
> just refuse to forward any "reset authorization" packets they get from
> their client.  There's no backward-compatibility break because the
> pooler can know, from the server version, whether the server is new
> enough to support the new protocol messages.

That sounds like a worse approach to me. Don't you just need to hide the
session authorization bit in a function serverside to circumvent that?

Greetings,

Andres Freund

pgsql-hackers by date:

From: Tom Lane
Date: 19 May 2015, 19:21:32
Subject: Re: errmsg() clobbers errno

From: "Joshua D. Drake"
Date: 19 May 2015, 19:43:47
Subject: Re: a few thoughts on the schedule

Re: RFC: Non-user-resettable SET SESSION AUTHORISATION - Mailing list pgsql-hackers

Previous

Next