Re: [HACKERS] elog(FATAL)ing non-existent roles during client

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org, pgsql-patches(at)postgresql(dot)org
Subject: Re: [HACKERS] elog(FATAL)ing non-existent roles during client
Date: 2007-02-04 02:40:59
Message-ID: 200702040240.l142exB26540@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches


Your patch has been added to the PostgreSQL unapplied patches list at:

http://momjian.postgresql.org/cgi-bin/pgpatches

It will be applied as soon as one of the PostgreSQL committers reviews
and approves it.

---------------------------------------------------------------------------

Gavin Sherry wrote:
> On Tue, 5 Dec 2006, Gavin Sherry wrote:
>
> > On Thu, 30 Nov 2006, Tom Lane wrote:
> >
> > > Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> writes:
> > > > I wonder if we should check if the role exists for the other
> > > > authentication methods too? get_role_line() should be very cheap and it
> > > > would prevent unnecessary authentication work if we did it before
> > > > contacting, for example, the client ident server. Even with trust, it
> > > > would save work because otherwise we do not check if the user exists until
> > > > InitializeSessionUserId(), at which time we're set up our proc entry etc.
> > >
> > > This only saves work if the supplied ID is in fact invalid, which one
> > > would surely think isn't the normal case; otherwise it costs more.
> >
> > Yes.
> >
> > > I could see doing this in the ident path, because contacting a remote
> > > ident server is certainly expensive on both sides. I doubt it's a good
> > > idea in the trust case.
> >
> > Agreed. How about Kerberos too, applying the same logic?
>
> Attached is a patch check adds the checks.
>
> Gavin
Content-Description:

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: In versions below 8.0, the planner will ignore your desire to
> choose an index scan if your joining column's datatypes do not
> match

--
Bruce Momjian bruce(at)momjian(dot)us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2007-02-04 02:54:38 Re: this patch correct upper and lower case for translated month's and day's names
Previous Message Bruce Momjian 2007-02-04 02:38:07 Re: Bundle of patches

Browse pgsql-patches by date

  From Date Subject
Next Message Bruce Momjian 2007-02-04 02:54:38 Re: this patch correct upper and lower case for translated month's and day's names
Previous Message Bruce Momjian 2007-02-04 02:38:07 Re: Bundle of patches