From: | "Marko Kreen" <markokr(at)gmail(dot)com> |
---|---|
To: | "Postgres Hackers" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Withdraw PL/Proxy from commitfest |
Date: | 2008-09-05 12:39:52 |
Message-ID: | e51f66da0809050539x1b25ebb9t7fd664fd67b9f607@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
In the previous discussion there was mentioned that Postgres should
move to the SQL-MED direction in remote connection handling.
SQL-MED specifies that connections should have names and referenced
everywhere using names. PL/Proxy currently does not conform to that
standard - it uses connection strings directly. Although it could
made work with SQL-MED backend, it would look ugly.
So I'd like to withdraw PL/Proxy from commitfest and rework it's
connection handling scheme to be also name->connstr based. Idea will
be that it will have user-definable connection handling backend,
which operates on named connections. And in the future we can
plug in a backend that reuses connection info from builtin SQL-MED store.
Although the current connection handling works and is secure it has
a deficiency that it's bit hard to hide the password that is used
for connecting. User can either play with table/function permissions
and SECURITY DEFINER functions but that's complex. Or he can put
passwords into .pgpass - this is easy and secure but has the problem
that the file is not manageable from inside database.
So PL/Proxy needs new SQL-MED based scheme that fixes it. When this
is ready we can re-discuss the builtin vs. PL-based remote functions.
As I don't plan to work on it near-term there is no point polluting
the commitfest page with it.
[ There was a attempt to paint the .pgpass based password handling
insecure because dblink makes the file world-readable. I still
fail to see how this any way points to flaws of the scheme... ]
--
marko
From | Date | Subject | |
---|---|---|---|
Next Message | Markus Wanner | 2008-09-05 12:40:26 | Re: Patch: propose to include 3 new functions into intarray and intagg |
Previous Message | Markus Wanner | 2008-09-05 12:35:24 | Re: Patch: propose to include 3 new functions into intarray and intagg |