Re: RFC: Non-user-resettable SET SESSION AUTHORISATION - Mailing list pgsql-hackers

From Robert Haas
Subject Re: RFC: Non-user-resettable SET SESSION AUTHORISATION
Date
Msg-id CA+TgmoaUav+WNGDDqhQ3CCZeGtrGotjoGfUJqkhgwgPZbLUf0g@mail.gmail.com
In response to Re: RFC: Non-user-resettable SET SESSION AUTHORISATION  (Simon Riggs <simon@2ndQuadrant.com>)
Responses Re: RFC: Non-user-resettable SET SESSION AUTHORISATION  (Simon Riggs <simon@2ndQuadrant.com>)
Re: RFC: Non-user-resettable SET SESSION AUTHORISATION  (Noah Misch <noah@leadboat.com>)
List pgsql-hackers
On Tue, May 19, 2015 at 3:00 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
> As long as the cookie is randomly generated for each use, then I don't see a
> practical problem with that approach.

If the client sets the cookie via an SQL command, that command would
be written to the log, and displayed in pg_stat_activity.  A malicious
user might be able to get it from one of those places.

A malicious user might also be able to just guess it.  I don't really
want to create a situation where any weakness in pgpool's random number
generation becomes a privilege-escalation attack.

A protocol extension avoids all of that trouble, and can be targeted for
9.6 just like any other approach we might come up with.  I actually
suspect the protocol extension will be FAR easier to fully secure, and
thus less work, not more.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


