| From: | "Drouvot, Bertrand" <bertranddrouvot(dot)pg(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag |
| Date: | 2023-09-28 12:37:02 |
| Message-ID: | bcc36259-7850-4882-97ef-d6b905d2fc51@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi hackers,
Please find attached a patch proposal to $SUBJECT.
This patch allows the role provided in BackgroundWorkerInitializeConnection()
and BackgroundWorkerInitializeConnectionByOid() to lack login authorization.
In InitPostgres(), in case of a background worker, authentication is not performed
(PerformAuthentication() is not called), so having the role used to connect to the database
lacking login authorization seems to make sense.
With this new flag in place, one could give "high" privileges to the role used to initialize
the background workers connections without any risk of seeing this role being used by a
"normal user" to login.
The attached patch:
- adds the new flag
- adds documentation
- adds testing
Looking forward to your feedback,
Regards,
--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Allow-background-workers-to-bypass-login-check.patch | text/plain | 12.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zhijie Hou (Fujitsu) | 2023-09-28 12:38:20 | RE: [PoC] pg_upgrade: allow to upgrade publisher node |
| Previous Message | Данил Столповских | 2023-09-28 12:13:29 | Allow deleting enumerated values from an existing enumerated data type |