Two-phase commit security restrictions
| От | Heikki Linnakangas |
|---|---|
| Тема | Two-phase commit security restrictions |
| Дата | |
| Msg-id | Pine.OSF.4.61.0410131758040.32604@kosh.hut.fi обсуждение исходный текст |
| Ответы |
Re: Two-phase commit security restrictions
Re: Two-phase commit security restrictions Re: Two-phase commit security restrictions Re: Two-phase commit security restrictions |
| Список | pgsql-hackers |
What kind of security restrictions do we want for prepared transactions? Who has the right to finish a transaction that was started by user A? At least the original user, I suppose, but who else? Under what account is the transaction manager typically going to run? A separate TM account perhaps? Do we need a "GRANT TRANSACTION" command to give permission to finish 2PC transcations? Another approach I've been thinking about is to allow anyone that knows the (user-supplied) global transaction identifier to finish the transaction, and hide the gids of running transactions from regular users. That way, the gid acts as a secret token that's only known by the transaction manager, much like the cancel key. - Heikki
В списке pgsql-hackers по дате отправления: