Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? - Mailing list pgsql-general

From Karsten Hilbert
Subject Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?
Date
Msg-id YyG2QTB++IwPod24@hermes.hilbert.loc
Whole thread Raw
In response to Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?  (Karsten Hilbert <Karsten.Hilbert@gmx.net>)
List pgsql-general
Am Wed, Sep 14, 2022 at 10:10:30AM +0200 schrieb Karsten Hilbert:

> Am Tue, Sep 13, 2022 at 05:10:58PM -0400 schrieb Tom Lane:
>
> > (I recall that somewhere we have some code that warns about no-op
> > grants.  I wonder if issuing a warning for no-op revokes would be
> > helpful.)
>
> Surely, in the light of security a no-op revoke is
> potentially more dangerous than a no-op grant.

In the sense where no-op means "despite being revoked it is
still granted by another grant" rather than "the revoke is a
no-op because it is already revoked", that is.

(although the latter can be used to inform on the first if
the latter extends to all "levels" of revokage ... :-)

Thanks,
Karsten
--
GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B



pgsql-general by date:

Previous
From: Matthias Apitz
Date:
Subject: Mysterious performance degradation in exceptional cases
Next
From: misha1966 misha1966
Date:
Subject: CVE-2022-2625