Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: elog(FATAL)ing non-existent roles during client authentication
- From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
- To: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
- Cc: pgsql-hackers(at)postgresql(dot)org
- Subject: Re: elog(FATAL)ing non-existent roles during client authentication
- Date: Thu, 30 Nov 2006 01:30:15 -0500
Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> writes: > I wonder if we should check if the role exists for the other > authentication methods too? get_role_line() should be very cheap and it > would prevent unnecessary authentication work if we did it before > contacting, for example, the client ident server. Even with trust, it > would save work because otherwise we do not check if the user exists until > InitializeSessionUserId(), at which time we're set up our proc entry etc. This only saves work if the supplied ID is in fact invalid, which one would surely think isn't the normal case; otherwise it costs more. I could see doing this in the ident path, because contacting a remote ident server is certainly expensive on both sides. I doubt it's a good idea in the trust case. regards, tom lane
- References:
- elog(FATAL)ing non-existent roles during client authentication
- From: Gavin Sherry
- elog(FATAL)ing non-existent roles during client authentication
- Prev by Date: Re: custom variable classes
- Next by Date: Re: "Optional ident" authentication
- Previous by thread: elog(FATAL)ing non-existent roles during client authentication
- Next by thread: SSL and cert chains
- Indexes: