Re: [HACKERS] SET SESSION AUTHORIZATION superuser limitation.

2015-12-23 Thread Robert Haas
On Mon, Dec 21, 2015 at 9:27 PM, Craig Ringer wrote: > Right now the logs just have to be treated as security critical. Which > sucks, but is not easily solved. > > Nothing is going to stop: > > ALTER USER fred PASSWORD 'sekrit'; > > from logging the password in a

Re: [HACKERS] SET SESSION AUTHORIZATION superuser limitation.

2015-12-21 Thread Robert Haas
On Sun, Dec 20, 2015 at 1:47 PM, Tom Lane wrote: > The syntax you propose exposes the user's password in cleartext in > the command, where it is likely to get captured in logs for example. > That's not going to do. Of course, right now, the ALTER USER ... PASSWORD command has

Re: [HACKERS] SET SESSION AUTHORIZATION superuser limitation.

2015-12-21 Thread Craig Ringer
On 21 December 2015 at 22:57, Tom Lane wrote: > Robert Haas writes: > > On Sun, Dec 20, 2015 at 1:47 PM, Tom Lane wrote: > >> The syntax you propose exposes the user's password in cleartext in > >> the command, where it is likely

Re: [HACKERS] SET SESSION AUTHORIZATION superuser limitation.

2015-12-21 Thread Dmitry Igrishin
2015-12-21 17:57 GMT+03:00 Tom Lane: > Robert Haas writes: > > On Sun, Dec 20, 2015 at 1:47 PM, Tom Lane wrote: > >> The syntax you propose exposes the user's password in cleartext in > >> the command, where it is likely to get

Re: [HACKERS] SET SESSION AUTHORIZATION superuser limitation.

2015-12-21 Thread Tom Lane
Robert Haas writes: > On Sun, Dec 20, 2015 at 1:47 PM, Tom Lane wrote: >> The syntax you propose exposes the user's password in cleartext in >> the command, where it is likely to get captured in logs for example. >> That's not going to do. > Of course,

[HACKERS] SET SESSION AUTHORIZATION superuser limitation.

2015-12-20 Thread Dmitry Igrishin
Hackers, There is a feature which may be useful in conjunction with connection pools. It is the ability to change the session user without creating the new connection, like this: (pseudo REPL): notsuperuser > SELECT current_user, session_user; notsuperuser notsuperuser notsuperuser > SET SESSION

Re: [HACKERS] SET SESSION AUTHORIZATION superuser limitation.

2015-12-20 Thread Tom Lane
Dmitry Igrishin writes: > There is a feature which may be useful in conjunction with connection pools. > It is the ability to change the session user without creating the new > connection, like this: > (pseudo REPL): > notsuperuser > SELECT current_user, session_user; >

Re: [HACKERS] SET SESSION AUTHORIZATION superuser limitation.

2015-12-20 Thread Dmitry Igrishin
2015-12-20 21:47 GMT+03:00 Tom Lane: > Dmitry Igrishin writes: > > There is a feature which may be useful in conjunction with connection > pools. > > It is the ability to change the session user without creating the new > > connection, like this: > >