Re: [v9.2] Add GUC sepgsql.client_label
| От | Yeb Havinga |
|---|---|
| Тема | Re: [v9.2] Add GUC sepgsql.client_label |
| Дата | |
| Msg-id | 4F28084C.3010109@gmail.com обсуждение исходный текст |
| Ответ на | Re: [v9.2] Add GUC sepgsql.client_label (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
On 2012-01-31 15:28, Robert Haas wrote: > > *scratches head* > > I'm not sure I follow you. If you're saying that we can make this > work by always allowing the value to be reset, then I agree with you, > but I'm not sure those are the semantics KaiGai wants. For instance, > if a connection pooler does: > > SET sepgsql.client_label = 'bob_t'; > > ...and then hands off to the client, the client can then do: > > RESET sepgsql.client_label; > SET sepgsql.client_label = 'alice_t'; > > ....and that's bad. Hmm yes this is a problem. Reading the original post better, it is also not the intended behaviour to support repeatable client_label switches. "However, single-directed domain transition from bigger-privileges to smaller-privileged domain by users' operation is also supported on operating system, and useful feature to restrict applications capability at beginning of the session." -- Yeb Havinga http://www.mgrid.net/ Mastering Medical Data
В списке pgsql-hackers по дате отправления: