|From:||Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>|
|To:||David Steele <david(at)pgmasters(dot)net>|
|Cc:||Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org>|
|Subject:||Re: Allow root ownership of client certificate key|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
David Steele <david(at)pgmasters(dot)net> writes:
> [ client-key-perm-002.patch ]
I took a quick look at this and agree with the proposed behavior
change, but also with your self-criticisms:
> We may want to do the same on the server side to make the code blocks
> look more similar.
> Also, on the server side the S_ISREG() check gets its own error and that
> might be a good idea on the client side as well. As it is, the error
> message on the client is going to be pretty confusing in this case.
Particularly, I think the S_ISREG check should happen before any
ownership/permissions checks; it just seems saner that way.
The only other nitpick I have is that I'd make the cross-references be
to the two file names, ie like "Note that similar checks are performed
in fe-secure-openssl.c ..." References to the specific functions seem
likely to bit-rot in the face of future code rearrangements.
I suppose filename references could become obsolete too, but it
seems less likely.
regards, tom lane
|Next Message||Darafei Komяpa Praliaskouski||2022-01-18 20:48:19||Re: [PATCH] reduce page overlap of GiST indexes built using sorted method|
|Previous Message||sergei sh.||2022-01-18 20:26:05||Re: [PATCH] reduce page overlap of GiST indexes built using sorted method|