From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | Karel Zak <zakkr(at)zf(dot)jcu(dot)cz> |
Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: SET SESSION AUTHORIZATION (was Re: Real/effective user) |
Date: | 2001-04-23 21:20:23 |
Message-ID: | Pine.LNX.4.30.0104232306590.758-100000@peter.localdomain |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Karel Zak writes:
> Great! With this feature is possible use persisten connection and
> on-the-fly changing actual user, right? It's very useful for example
> web application that checking user privilege via SQL layout.
A real persistent connection solution would require real session
management, especially the ability to reset configuration options made
during the previous session.
> (connected as superuser)
>
> set session authorization 'userA';
> set session authorization 'userB';
>
> IMHO it must be disable, right must be something like:
>
> set session authorization 'userA';
> unset session authorization; <-- switch back to superuser
> set session authorization 'userB';
You can't "unset" the session user, there must always be one because there
is nothing below it.
> ..like as on Linux:
>
> # su - zakkr
> $ id -u
> 1000
> $ su - jmarek
> Password:
> su: Authentication failure
> Sorry.
The difference here is that 'su' also starts a new session but set session
authorization changes the state of the current session. So 'su' is
similar to
START SESSION; -- Don't know if this is the syntax.
SET SESSION AUTHORIZATION 'xxx';
all in one command. When and if we get real session management we will
probably have the ability to revert user identity changes like you
probably imagine.
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
From | Date | Subject | |
---|---|---|---|
Next Message | Len Morgan | 2001-04-23 22:20:36 | Re: refusing connections based on load ... |
Previous Message | August Zajonc | 2001-04-23 20:45:25 | Re: refusing connections based on load ... |