On Wed, May 20, 2015 at 8:22 PM, Jim Nasby <jim.na...@bluetreble.com> wrote: >> It might be a good idea to do something like this, but it's >> significantly more complicated than a protocol-level SET SESSION >> AUTHORIZATION. Right now, you can never go backwards from an >> authenticated state to an unauthenticated state, and there may be code >> in the backend that relies on that in subtle ways. The initial >> bootstrap sequence is pretty complicated, and I'm pretty sure that any >> naive attempt to redo that stuff is going to have unpleasant, probably >> security-relevant bugs. > > What about the middle-ground of not doing de-auth right now? That eliminates > your concerns but still allows getting rid of ugly things like copies of the > password file (FWIW, my understanding is pgBouncer was meant more to run on > the database server where you'd just point it at the native password file).
Uh, I don't have a clue what you mean when you say "the middle ground of not doing de-auth right now". -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
