Re: [v9.1] Add security hook on initialization of instance - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [v9.1] Add security hook on initialization of instance
Date
Msg-id 24811.1278600035@sss.pgh.pa.us
Whole thread Raw
In response to Re: [v9.1] Add security hook on initialization of instance  (Stephen Frost <sfrost@snowman.net>)
Responses Re: [v9.1] Add security hook on initialization of instance
List pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes:
> * Robert Haas (robertmhaas@gmail.com) wrote:
>> FWIW, I am still of the opinion that we shouldn't have a hook here
>> anyway, because there is no reason to complain about lack of a
>> security context until the user performs an action which requires them
>> to have a security context.

> I don't agree with this, in general.  It may be a difficult problem to
> solve though.  From my perspective the above is similar to saying we
> don't need a pg_hba.conf or that we should open a database before
> checking the user's credentials.  I'd like to give a security module the
> ability to be involved in the initial connection authorization, but we
> run into an issue there if that module then needs access to the catalog.

Maybe so, but the proposed hook placement doesn't actually allow a
plugin module to be "involved" in the authorization --- we've already
decided the authorization is OK.  All it can do there is some additional
initialization, which could equally well be done on first use (if any)
of the additional information.

There might be some value in letting a plugin actually have some control
over the authentication process, but I'm not sure offhand what a
reasonable hook design would be.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: patch: preload dictionary new version
Next
From: Robert Haas
Date:
Subject: Re: [v9.1] Add security hook on initialization of instance