On 27 Jan 2003 at 9:16, Tom Lane wrote:
> "Shridhar Daithankar" <shridhar_daithankar@persistent.co.in> writes:
> > Is it possible for an established connection to backend, to switch user on the
> > fly, if proper credentials are supplied?
>
> Are you looking for SET SESSION AUTHORIZATION?
I went thr http://candle.pha.pa.us/main/writings/pgsql/sgml/sql-set-session-
authorization.html to get what it is. I didn't have an idea of such thing.
Back to the topic, yes, pretty much except for few differences.
1) It says 'The session user identifier may be changed only if the initial
session user (the authenticated user) had the superuser privilege. Otherwise,
the command is accepted only if it specifies the authenticated user name.'
That mean an ordinary user can not set session to any other authorised user. It
is like running setuid program with input accessible to any user.
2) Where do I specify password? I mean I take a password and start a connection
to database. But when it comes to switching connection, there is no password.
Probably because only superuser can switch connection?
If there is a password clause there and if any user can switch to any user,
then it is the thing I am looking for. Probably even excluding switching to
superuser as a security measure.
But thanks for it. That is very close.
ByeShridhar
--
And 1.1.81 is officially BugFree(tm), so if you receive any bug-reportson it,
you know they are just evil lies."(By Linus Torvalds,
Linus.Torvalds@cs.helsinki.fi)
