Re: Switching connection on the fly - Mailing list pgsql-hackers

From Shridhar Daithankar
Subject Re: Switching connection on the fly
Date
Msg-id 3E358EC2.16247.120FA8@localhost
Whole thread Raw
In response to Re: Switching connection on the fly  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Switching connection on the fly
List pgsql-hackers
On 27 Jan 2003 at 9:16, Tom Lane wrote:

> "Shridhar Daithankar" <shridhar_daithankar@persistent.co.in> writes:
> > Is it possible for an established connection to backend, to switch user on the 
> > fly, if proper credentials are supplied?
> 
> Are you looking for SET SESSION AUTHORIZATION?

I went thr http://candle.pha.pa.us/main/writings/pgsql/sgml/sql-set-session-
authorization.html to get what it is. I didn't have an idea of such thing.

Back to the topic, yes, pretty much except for few differences. 

1) It says 'The session user identifier may be changed only if the initial 
session user (the authenticated user) had the superuser privilege. Otherwise, 
the command is accepted only if it specifies the authenticated user name.'

That mean an ordinary user can not set session to any other authorised user. It 
is like running setuid program with input accessible to any user.

2) Where do I specify password? I mean I take a password and start a connection 
to database. But when it comes to switching connection, there is no password. 
Probably because only superuser can switch connection?

If there is a password clause there and if any user can switch to any user, 
then it is the thing I am looking for. Probably even excluding switching to 
superuser as a security measure.

But thanks for it. That is very close.


ByeShridhar

--
And 1.1.81 is officially BugFree(tm), so if you receive any bug-reportson it, 
you know they are just evil lies."(By Linus Torvalds, 
Linus.Torvalds@cs.helsinki.fi)



pgsql-hackers by date:

Previous
From: Lee Kindness
Date:
Subject: Re: ECPG, threading and pooling
Next
From: "Reggie Burnett"
Date:
Subject: how do I get the table name from a query?