| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: elog(FATAL)ing non-existent roles during client authentication |
| Date: | 2006-11-30 06:30:15 |
| Message-ID: | 9121.1164868215@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> writes:
> I wonder if we should check if the role exists for the other
> authentication methods too? get_role_line() should be very cheap and it
> would prevent unnecessary authentication work if we did it before
> contacting, for example, the client ident server. Even with trust, it
> would save work because otherwise we do not check if the user exists until
> InitializeSessionUserId(), at which time we're set up our proc entry etc.
This only saves work if the supplied ID is in fact invalid, which one
would surely think isn't the normal case; otherwise it costs more.
I could see doing this in the ident path, because contacting a remote
ident server is certainly expensive on both sides. I doubt it's a good
idea in the trust case.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeroen T. Vermeulen | 2006-11-30 06:33:03 | Re: Keep-alive support |
| Previous Message | Andrew - Supernews | 2006-11-30 05:25:17 | Re: custom variable classes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zdenek Kotala | 2006-12-01 20:20:21 | Re: Configuring BLCKSZ and XLOGSEGSZ (in 8.3) |
| Previous Message | Gavin Sherry | 2006-11-30 03:33:26 | elog(FATAL)ing non-existent roles during client authentication |