Skip site navigation (1) Skip section navigation (2)

Re: elog(FATAL)ing non-existent roles during client authentication

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: elog(FATAL)ing non-existent roles during client authentication
Date: 2006-11-30 06:30:15
Message-ID: 9121.1164868215@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> writes:
> I wonder if we should check if the role exists for the other
> authentication methods too? get_role_line() should be very cheap and it
> would prevent unnecessary authentication work if we did it before
> contacting, for example, the client ident server. Even with trust, it
> would save work because otherwise we do not check if the user exists until
> InitializeSessionUserId(), at which time we're set up our proc entry etc.

This only saves work if the supplied ID is in fact invalid, which one
would surely think isn't the normal case; otherwise it costs more.

I could see doing this in the ident path, because contacting a remote
ident server is certainly expensive on both sides.  I doubt it's a good
idea in the trust case.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Jeroen T. VermeulenDate: 2006-11-30 06:33:03
Subject: Re: Keep-alive support
Previous:From: Andrew - SupernewsDate: 2006-11-30 05:25:17
Subject: Re: custom variable classes

pgsql-patches by date

Next:From: Zdenek KotalaDate: 2006-12-01 20:20:21
Subject: Re: Configuring BLCKSZ and XLOGSEGSZ (in 8.3)
Previous:From: Gavin SherryDate: 2006-11-30 03:33:26
Subject: elog(FATAL)ing non-existent roles during client authentication

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group