| From: | "Drouvot, Bertrand" <bdrouvot(at)amazon(dot)com> |
|---|---|
| To: | Jacob Champion <jchampion(at)timescale(dot)com>, Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: SYSTEM_USER reserved word implementation |
| Date: | 2022-06-23 08:06:43 |
| Message-ID: | ec5bd135-25a2-9cac-3f67-1a7dae2cbff3@amazon.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On 6/22/22 5:35 PM, Jacob Champion wrote:
> On Wed, Jun 22, 2022 at 8:10 AM Joe Conway <mail(at)joeconway(dot)com> wrote:
>> On the contrary, I would argue that not having the identifier for the
>> external "user" available is a security concern. Ideally you want to be
>> able to trace actions inside Postgres to the actual user that invoked them.
> If auditing is also the use case for SYSTEM_USER, you'll probably want
> to review the arguments for making it available to parallel workers
> that were made in the other thread [1].
Thanks Jacob for your feedback.
I did some testing initially around the parallel workers and did not see
any issues at that time.
I just had another look and I agree that the parallel workers case needs
to be addressed.
I'll have a closer look to what you have done in [1].
Thanks
Bertrand
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Drouvot, Bertrand | 2022-06-23 08:07:41 | Re: Missing reference to pgstat_replslot.c in pgstat.c |
| Previous Message | Dilip Kumar | 2022-06-23 07:55:29 | Re: Make relfile tombstone files conditional on WAL level |