| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | David Steele <david(at)pgmasters(dot)net> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Allow root ownership of client certificate key |
| Date: | 2022-01-18 20:41:02 |
| Message-ID: | 377058.1642538462@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
David Steele <david(at)pgmasters(dot)net> writes:
> [ client-key-perm-002.patch ]
I took a quick look at this and agree with the proposed behavior
change, but also with your self-criticisms:
> We may want to do the same on the server side to make the code blocks
> look more similar.
>
> Also, on the server side the S_ISREG() check gets its own error and that
> might be a good idea on the client side as well. As it is, the error
> message on the client is going to be pretty confusing in this case.
Particularly, I think the S_ISREG check should happen before any
ownership/permissions checks; it just seems saner that way.
The only other nitpick I have is that I'd make the cross-references be
to the two file names, ie like "Note that similar checks are performed
in fe-secure-openssl.c ..." References to the specific functions seem
likely to bit-rot in the face of future code rearrangements.
I suppose filename references could become obsolete too, but it
seems less likely.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Darafei Komяpa Praliaskouski | 2022-01-18 20:48:19 | Re: [PATCH] reduce page overlap of GiST indexes built using sorted method |
| Previous Message | sergei sh. | 2022-01-18 20:26:05 | Re: [PATCH] reduce page overlap of GiST indexes built using sorted method |