| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [v9.1] Add security hook on initialization of instance |
| Date: | 2010-06-15 03:47:48 |
| Message-ID: | 4C16F7E4.6040705@ak.jp.nec.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
(2010/06/15 12:28), Tom Lane wrote:
> KaiGai Kohei<kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
>>>>> The attached patch tries to add one more security hook on the
>>>>> initialization of PostgreSQL instance (InitPostgres()).
>
>>> Yeah, but so what? Stephen's point is still valid.
>
>> On the hook, I'd like to obtain security context of the client process
>> which connected to the PostgreSQL instance. It is not available at the
>> _PG_init() phase, because clients don't connect yet.
>
> InitPostgres is called by a number of process types that don't *have*
> clients. I concur with the other opinions that this hook is badly
> thought out.
>
I intended to skip it when InitPostgres() is called without clients.
For example, the hook might be better to put on PerformAuthentication()
for more clarification of the purpose.
Thanks,
--
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2010-06-15 04:46:21 | Re: Proposal for 9.1: WAL streaming from WAL buffers |
| Previous Message | Robert Haas | 2010-06-15 03:35:40 | Re: warning message in standby |