From: | Dave Cramer <pg(at)fastcrypt(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp>, Ian Barwick <ian(dot)barwick(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: let's make the list of reportable GUCs configurable (was Re: Add %r substitution for psql prompts to show recovery status) |
Date: | 2019-12-29 13:35:32 |
Message-ID: | CADK3HHK+ye-y2_edkXNfZ=0AmZbcLif54A7nYH34ps3patNVcg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, 6 Nov 2019 at 11:09, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Tue, Nov 5, 2019 at 10:02 AM Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
> wrote:
> > There's a reason the SQL standard defines SET SESSION AUTHORIZATION but
> > no RESET SESSION AUTHORIZATION: once you enter a security context, you
> > cannot escape it. ISTM that essentially we broke feature F321 "User
> > authorization" by adding RESET into the mix. (I think RESET ROLE breaks
> > the spirit of feature T331 too.) The SQL:2016 standard describes how
> > this is supposed to work in Foundation "4.40.1.1 SQL-session
> > authorization identifiers" (same section is numbered 4.35.1.1 in
> > SQL:2011), and ISTM we made a huge mess of it.
> >
> > I don't see how to fix it, though. If we were to adopt the standard's
> > mechanism, we'd probably break tons of existing code.
>
> It wouldn't be difficult to introduce a new protocol-level option that
> prohibits RESET SESSION AUTHORIZATION; and it would also be possible
> to introduce a new protocol message that has the same effect as RESET
> SESSION AUTHORIZATION. If you do those two things, then it's possible
> to create a sandbox which the end client cannot escape but which the
> pooler can escape easily.
>
So where are we on this patch ? AFAICT using _pq is a protocol level option.
Dave Cramer
davec(at)postgresintl(dot)com
www.postgresintl.com
From | Date | Subject | |
---|---|---|---|
Next Message | Vik Fearing | 2019-12-29 13:58:49 | Re: Greatest Common Divisor |
Previous Message | Masahiko Sawada | 2019-12-29 13:06:23 | Re: [HACKERS] Block level parallel vacuum |