Re: RFC: Non-user-resettable SET SESSION AUTHORISATION
| От | Tom Lane |
|---|---|
| Тема | Re: RFC: Non-user-resettable SET SESSION AUTHORISATION |
| Дата | |
| Msg-id | 1833.1431884354@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: RFC: Non-user-resettable SET SESSION AUTHORISATION (José Luis Tallón<jltallon@adv-solutions.net>) |
| Ответы |
Re: RFC: Non-user-resettable SET SESSION AUTHORISATION
|
| Список | pgsql-hackers |
José Luis Tallón <jltallon@adv-solutions.net> writes:
> On the other hand, ISTM that what we all intend to achieve is some
> Postgres equivalent of the SUID bit... so why not just do something
> equivalent?
> -------
> LOGIN -- as user with the appropriate role membership / privilege?
> ...
> SET ROLE / SET SESSION AUTHORIZATION WITH COOKIE / IMPERSONATE
> ... do whatever ... -- unprivileged user can NOT do the
> "impersonate" thing
> DISCARD ALL -- implicitly restore previous authz
> -------
Oh? What stops the unprivileged user from doing DISCARD ALL?
I think if we have something like this, it has to be non-resettable
period: you can't get back the old session ID except by reconnecting
and re-authorizing. Otherwise there's just too much risk of security
holes.
regards, tom lane
В списке pgsql-hackers по дате отправления: