Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] elog(FATAL)ing non-existent roles during client

From: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org, pgsql-patches(at)postgresql(dot)org
Subject: Re: [HACKERS] elog(FATAL)ing non-existent roles during client
Date: 2006-12-04 13:55:39
Message-ID: Pine.LNX.4.58.0612050055030.20148@linuxworld.com.au (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
On Tue, 5 Dec 2006, Gavin Sherry wrote:

> On Thu, 30 Nov 2006, Tom Lane wrote:
>
> > Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> writes:
> > > I wonder if we should check if the role exists for the other
> > > authentication methods too? get_role_line() should be very cheap and it
> > > would prevent unnecessary authentication work if we did it before
> > > contacting, for example, the client ident server. Even with trust, it
> > > would save work because otherwise we do not check if the user exists until
> > > InitializeSessionUserId(), at which time we're set up our proc entry etc.
> >
> > This only saves work if the supplied ID is in fact invalid, which one
> > would surely think isn't the normal case; otherwise it costs more.
>
> Yes.
>
> > I could see doing this in the ident path, because contacting a remote
> > ident server is certainly expensive on both sides.  I doubt it's a good
> > idea in the trust case.
>
> Agreed. How about Kerberos too, applying the same logic?

Attached is a patch check adds the checks.

Gavin

Attachment: auth_check_role.diff
Description: text/plain (1.2 KB)

In response to

Responses

pgsql-hackers by date

Next:From: Oleg BartunovDate: 2006-12-04 14:00:52
Subject: GiN for 8.1 patch updated
Previous:From: Zdenek KotalaDate: 2006-12-04 13:47:45
Subject: Re: [HACKERS] Dynamic Tracing docs

pgsql-patches by date

Next:From: cmo1@libero.itDate: 2006-12-04 14:02:42
Subject: zope connection string
Previous:From: Zdenek KotalaDate: 2006-12-04 13:47:45
Subject: Re: [HACKERS] Dynamic Tracing docs

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group