Home > mailing lists

Re: Proposal: access control jails (and introduction as aspiring GSoC student) - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Proposal: access control jails (and introduction as aspiring GSoC student)
Date	March 23, 2010 17:43:03
Msg-id	603c8f071003231042y3da3536ufcf0c7c691489a55@mail.gmail.com Whole thread Raw
In response to	Re: Proposal: access control jails (and introduction as aspiring GSoC student) (Josh Berkus <josh@agliodbs.com>)
Responses	Re: Proposal: access control jails (and introduction as aspiring GSoC student)
List	pgsql-hackers

Tree view

On Tue, Mar 23, 2010 at 1:28 PM, Josh Berkus <josh@agliodbs.com> wrote:
> I don't think that the idea of turning on the jail mode via a
> session-level switch works, given the realities of connection pooling.
> Also, I do not believe that we currently have any USERSET variable which
> can be turned on but not off, so that would require adding a whole new mode.

I think this could be done with an assign hook.

> BTW, if you wanted something less ambitious, we have a longstanding
> request to implement "local superuser", that is, the ability to give one
> role the ability to edit other roles in one database only.

But roles aren't database-specific...  they're globals.

...Robert

pgsql-hackers by date:

From: Robert Haas
Date: 23 March 2010, 17:41:47
Subject: Re: 9.0 release notes done

From: Gokulakannan Somasundaram
Date: 23 March 2010, 17:43:19
Subject: Re: Deadlock possibility in _bt_check_unique?

Re: Proposal: access control jails (and introduction as aspiring GSoC student) - Mailing list pgsql-hackers

Previous

Next