Re: RFC: Non-user-resettable SET SESSION AUTHORISATION
| От | Simon Riggs |
|---|---|
| Тема | Re: RFC: Non-user-resettable SET SESSION AUTHORISATION |
| Дата | |
| Msg-id | CANP8+jLHtZbj1eFr=11fXjgtL=4_NzgcNgYAgZ__7D3GzkWDRA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: RFC: Non-user-resettable SET SESSION AUTHORISATION (Robert Haas <robertmhaas@gmail.com>) |
| Ответы |
Re: RFC: Non-user-resettable SET SESSION AUTHORISATION
Re: RFC: Non-user-resettable SET SESSION AUTHORISATION |
| Список | pgsql-hackers |
On 19 May 2015 at 16:49, Robert Haas <robertmhaas@gmail.com> wrote:
--
On Tue, May 19, 2015 at 3:00 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
> As long as the cookie is randomly generated for each use, then I don't see a
> practical problem with that approach.
If the client sets the cookie via an SQL command, that command would
be written to the log, and displayed in pg_stat_activity. A malicious
user might be able to get it from one of those places.
A malicious user might also be able to just guess it. I don't really
want to create a situation where any weakess in pgpool's random number
generation becomes a privilege-escalation attack.
A protocol extension avoids all of that trouble, and can be target for
9.6 just like any other approach we might come up with. I actually
suspect the protocol extension will be FAR easier to fully secure, and
thus less work, not more.
That's a reasonable argument. So +1 to protocol from me.
To satisfy Tom, I think this would need to have two modes: one where the session can never be reset, for ultra security, and one where the session can be reset, which allows security and speed of pooling.
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: