<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 12/31/23 1:19 PM, Joe Conway wrote:<br>
</div>
<blockquote type="cite"
cite="mid:f261000a-f18d-40fd-aeee-0f5d548b4332(at)joeconway(dot)com">On
12/30/23 17:19, Michał Kłeczek wrote:
<br>
<blockquote type="cite">
<br>
<blockquote type="cite">On 30 Dec 2023, at 17:16, Eric Hanson
<a class="moz-txt-link-rfc2396E" href="mailto:eric(at)aquameta(dot)com"><eric(at)aquameta(dot)com></a> wrote:
<br>
<br>
What do you think of adding a NO RESET option to the SET ROLE
command?
<br>
</blockquote>
<br>
What I proposed some time ago is SET ROLE … GUARDED BY
‘password’, so that you could later: RESET ROLE WITH ‘password'
<br>
</blockquote>
<br>
I like that too, but see it as a separate feature. FWIW that is
also supported by the set_user extension referenced elsewhere on
this thread.
</blockquote>
That means you'd need to manage that password. ISTM a better
mechanism to do this in SQL would be a method of changing roles that
returns a nonce that you'd then use to reset your role. I believe
that'd also make it practical to do this server-side in the various
PLs.<br>
</body>
</html>