Re: On login trigger: take three
| From | Daniel Gustafsson |
|---|---|
| Subject | Re: On login trigger: take three |
| Date | |
| Msg-id | 32B082C9-F7DE-4832-9E7F-25975FF3068A@yesql.se |
| In reply to | Re: On login trigger: take three (Greg Nancarrow <gregn4422@gmail.com>) |
| List | pgsql-hackers |
> On 30 Sep 2021, at 04:15, Greg Nancarrow <gregn4422@gmail.com> wrote:
>
> On Wed, Sep 29, 2021 at 10:14 PM Teodor Sigaev <teodor@sigaev.ru> wrote:
>>
>> Nice feature, but, sorry, I see some design problem in suggested feature. AFAIK,
>> there are two use cases for this feature:
>> 1 A permission / prohibition to login some users
>> 2 Just a logging of facts of user's login
>>
>> Suggested patch proposes prohibition of login only by failing of login trigger
>> and it has at least two issues:
>> 1 In case of prohibition to login, there is no clean way to store information
>> about unsuccessful login. Ok, it could be solved by dblink module but it seems
>> too scary.
>
> It's an area that could be improved, but the patch is more intended to
> allow additional actions on successful login, as described by the
> following (taken from the doc updates in the patch):
>
> + <para>
> + The event trigger on the <literal>login</literal> event can be
> + useful for logging user logins, for verifying the connection and
> + assigning roles according to current circumstances, or for some
> session data
> + initialization.
> + </para>

Running user code with potential side effects on unsuccessful logins also opens up
the risk for (D)DoS attacks.

--
Daniel Gustafsson https://vmware.com/
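Review bot: the quoted `<para>` for the `login` event lists "verifying the connection" among its uses but never says what happens when the trigger raises an error. The thread states that a failing trigger is how a login gets prohibited, and that the trigger is meant to act on successful login, so the paragraph should say both explicitly: that an error in the trigger rejects the connection, and that the trigger does not fire for failed authentication attempts. The "session data" fragment has also lost its `+` prefix in the quote; that looks like mail wrapping, but it is worth confirming the line is intact in the patch itself.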