Home > mailing lists

Re: sudo-like behavior - Mailing list pgsql-general

From	Tom Lane
Subject	Re: sudo-like behavior
Date	April 22, 2006 18:08:43
Msg-id	7978.1145729311@sss.pgh.pa.us Whole thread Raw
In response to	Re: sudo-like behavior ("Florian G. Pflug" <fgp@phlo.org>)
Responses	Re: sudo-like behavior ("Florian G. Pflug" <fgp@phlo.org>)
List	pgsql-general

Tree view

"Florian G. Pflug" <fgp@phlo.org> writes:
> Why don't you just use "SET SESSION AUTHORIZATION somerole", and then scan
> the to-be-executel sql scripts for any occurence of "reset session authorization",
> and ignore the script it matches.

What would probably be better is a way to do SET SESSION AUTHORIZATION
and then abandon the underlying superuser privilege, thereby absolutely
guaranteeing that the session can't do anything the selected userid
shouldn't be able to do.  You'd have to start a new session for each
cronjob, but that would be a Really Good Idea anyway, given the lack of
any way to fully restore a session to default state.

            regards, tom lane

pgsql-general by date:

From: "Dave Page"
Date: 22 April 2006, 18:03:31
Subject: Re: Debian package for freeradius_postgresql module

From: "Florian G. Pflug"
Date: 22 April 2006, 18:22:30
Subject: Re: sudo-like behavior

Re: sudo-like behavior - Mailing list pgsql-general

Previous

Next