Re: Preventing non-superusers from altering session authorization
From | Nathan Bossart |
---|---|
Subject | Re: Preventing non-superusers from altering session authorization |
Date | |
Msg-id | 20230623175416.GA1268820@nathanxps13 |
In reply to | Re: Preventing non-superusers from altering session authorization (Joseph Koshakow <koshy44@gmail.com>) |
Replies | Re: Preventing non-superusers from altering session authorization |
List | pgsql-hackers |

On Thu, Jun 22, 2023 at 06:39:45PM -0400, Joseph Koshakow wrote:
> On Wed, Jun 21, 2023 at 11:48 PM Nathan Bossart <nathandbossart@gmail.com>
> wrote:
>> I see that RESET SESSION AUTHORIZATION
>> with a concurrently dropped role will FATAL with your patch but succeed
>> without it, which could be part of the reason.
>
> That might be a good change? If the original authenticated role ID no
> longer exists then we may want to return an error when trying to set
> your session authorization to that role.

I was curious why we don't block DROP ROLE if there are active sessions for
the role or terminate any such sessions as part of the command, and I found
this discussion from 2016:

https://postgr.es/m/flat/56E87CD8.60007%40ohmu.fi

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com