On 05/17/2015 07:39 PM, Tom Lane wrote:
José Luis Tallón <jltal...@adv-solutions.net> writes:
On the other hand, ISTM that what we all intend to achieve is some
Postgres equivalent of the SUID bit... so why not just do something
equivalent?
-------
      LOGIN    -- as user with the appropriate role membership / privilege?
      ...
      SET ROLE / SET SESSION AUTHORIZATION WITH COOKIE / IMPERSONATE
      ... do whatever ...    -- unprivileged user can NOT do the "impersonate" thing
      DISCARD ALL    -- implicitly restore previous authz
-------
Oh?  What stops the unprivileged user from doing DISCARD ALL?

Indeed. The pooler would need to block this.
Or we would need to invent another (this time, privileged) verb in order to restore authz.

I think if we have something like this, it has to be non-resettable
period: you can't get back the old session ID except by reconnecting
and re-authorizing.  Otherwise there's just too much risk of security
holes.

Yes.
Thank you for your feedback, Tom.


    / J.L.



--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
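To make Tom's objection concrete, the following psql session sketch is an added example (not from the thread) showing that on a stock Postgres server both SET ROLE and SET SESSION AUTHORIZATION can be undone by whoever holds the connection, so a pooler-side "impersonate" built on them is only as strong as the client's willingness not to reset it. The role names `pool_admin` and `app_reader` are assumed.

```sql
-- Constructed demonstration (not from the thread). Assumed roles:
--   pool_admin: the superuser the connection pooler authenticates as
--   app_reader: the unprivileged role the pooler wants to impersonate
CREATE ROLE pool_admin SUPERUSER LOGIN;
CREATE ROLE app_reader NOLOGIN;

-- ... the pooler connects as pool_admin, then "impersonates" ...
SET SESSION AUTHORIZATION app_reader;
SELECT session_user, current_user;   -- both now report app_reader

-- Statements the client sends run as app_reader, but the client can still
-- undo the impersonation: the privilege check for SET SESSION AUTHORIZATION
-- is made against the *authenticated* user (pool_admin), not the current
-- session_user, so a plain RESET is accepted.
RESET SESSION AUTHORIZATION;         -- session_user is pool_admin again
SELECT session_user, current_user;

-- DISCARD ALL has the same effect, because its expansion includes
-- SET SESSION AUTHORIZATION DEFAULT (the case raised in the thread).
SET SESSION AUTHORIZATION app_reader;
DISCARD ALL;
SELECT session_user;

-- An explicit switch back to the privileged identity is accepted as well,
-- for the same reason: the authenticated user is a superuser.
SET SESSION AUTHORIZATION app_reader;
SET SESSION AUTHORIZATION pool_admin;
SELECT session_user;

-- SET ROLE is no better: RESET ROLE (or SET ROLE NONE) returns current_user
-- to the session_user without any privilege check at all.
SET ROLE app_reader;
RESET ROLE;
SELECT current_user;

-- The only identity change that cannot be reverted from inside the session is
-- a fresh connection authenticated directly as the unprivileged role, which is
-- what "reconnecting and re-authorizing" in the reply above amounts to.
```

Run it as a superuser in a scratch database; each SELECT after a reset shows the privileged identity back in place, which is exactly the hole a pooler would have to block at the protocol level.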
