| From: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
|---|---|
| To: | Ajit Awekar <ajitpostgres(at)gmail(dot)com> |
| Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Hannu Krosing <hannuk(at)google(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Dave Cramer <davecramer(at)gmail(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Subject: | Re: Periodic authorization expiration checks using GoAway message |
| Date: | 2026-01-22 07:40:38 |
| Message-ID: | CAN4CZFNPNm6XWa8QtoYuGatARMddSUDHReW6o8Y5k4kTHm4sDQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello!
> Done. I have modified the condition check so as it will not impact users
> having rolvaliduntil to NULL.
Thanks! After one more look at this, shouldn't we refresh the cache if
AuthCheckNeeded, regardless of the valid until timestamp value? (for
example by moving the >0 condition to the inner if)
Consider the following scenario:
1. user logs in, without a valid until date set
2. valid until is set to something
3. existing session started in 1 will never be terminated
postgres.c:5368 - I missed this in my previos review, the error
message should start with a lowercase character.
> This patch introduces a mechanism to address the security issue of stale,
> authorized connections persisting beyond their validity period. .
postgres.c:5326 - if the user was dropped, but the connection is still
active, the patch silently ignores it. That matches the current
behavior of postgres, but is that the expected behavior in the context
of this patch?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bertrand Drouvot | 2026-01-22 07:43:07 | Re: Flush some statistics within running transactions |
| Previous Message | Chao Li | 2026-01-22 07:34:32 | Re: Add WALRCV_CONNECTING state to walreceiver |