| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
| Cc: | Hannu Krosing <hannuk(at)google(dot)com>, Ajit Awekar <ajitpostgres(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Dave Cramer <davecramer(at)gmail(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Subject: | Re: Periodic authorization expiration checks using GoAway message |
| Date: | 2025-12-16 19:53:55 |
| Message-ID: | CAOYmi+m1y7LsNxvaqi+3rSOK-mpn3dEMH1u1jdFQvyU60N27AA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Dec 15, 2025 at 1:50 PM Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> wrote:
> What metadata
> are you worried about changing mid transaction that could mess stuff
> up? The primary one I can imagine is the username
The HBA inputs can't be allowed to change; that's not what I'm worried about.
The system_user might change. Cached SCRAM keys can change. Every
certificate-derived piece of metadata in sslinfo could change.
MyProcPort->peer and MyProcPort->gss might be wholly reassigned. And
any user-metadata functions provided by OAuth validator modules would
need to carefully consider their volatility guarantees at minimum.
There's probably more.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2025-12-16 20:04:54 | Re: Remaining dependency on setlocale() |
| Previous Message | Noah Misch | 2025-12-16 19:24:03 | Re: pg_dump crash due to incomplete ordering of DO_SUBSCRIPTION_REL objects |