Re: [v9.1] Add security hook on initialization of instance

Robert,

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> 2010/6/16 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
> > OK, fair enough. Please wait for a few days.
> > I'll introduce the proof-of-concept module until this week.
>
> I think we have decided not to pursue this, at least for now. If that
> is the case, the CommitFest entry should be updated to Returned with
> Feedback.

I think RwF is fine (since I think we're still waiting on another patch
anyway) for this commitfest. I don't want to shut the door entirely on
this for 9.1, but a new/updated patch could be done in a later
commitfest.

> FWIW, I am still of the opinion that we shouldn't have a hook here
> anyway, because there is no reason to complain about lack of a
> security context until the user performs an action which requires them
> to have a security context.

I don't agree with this, in general. It may be a difficult problem to
solve though. From my perspective the above is similar to saying we
don't need a pg_hba.conf or that we should open a database before
checking the user's credentials. I'd like to give a security module the
ability to be involved in the initial connection authorization, but we
run into an issue there if that module then needs access to the catalog.
Perhaps it doesn't, but it seems like it would, to use to make a
decision.

Thanks,

Stephen