Re: set role command
| From | Michał Kłeczek |
|---|---|
| Subject | Re: set role command |
| Date | |
| Msg-id | 539FB9D9-7542-487E-AFA7-152EFF9FCC89@kleczek.org |
| In response to | set role command (Calvin Guo <newoakllc2023@gmail.com>) |
| List | pgsql-general |

> On 24 Nov 2025, at 09:15, Calvin Guo <newoakllc2023@gmail.com> wrote:
>
> I feel that set role logic is kind of misleading.
>
> I am a superuser, admin,
> I do:
> set role usera
> Now I am under the security context of usera, so I think running any sql is safe as long as it's allowed by usera.
>
> Which is not the case!
> as usera can do:
> set role userb; other sql,
> or
> reset role; other sql,
> it turns out it's not safe at all, the sql can easily get access right of the super user. it can impersonate userb though they do not have any relationship whatsoever.
>
> I really feel, once you "set role usera", you should behave like usera, you should NOT have the power to say: hi, I can assume my super user power whenever I want. As this makes the "set role usera" pretty much useless.
>
> It's unsafe!

It is a known issue and there were various proposals (need to search pgsql-hackers list).
One of them being “set role” message at the protocol level (i.e. unavailable from SQL).
Another being “SET ROLE … PASSWORD …” and “RESET ROLE PASSWORD …” which would allow resetting the role only when password is known.

I don’t think any of them gained traction to be honest.

Kind regards,

--
Michal
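
The behaviour discussed in this thread, as an added psql script that is not part of the original messages. The role names usera and userb follow the question; the script assumes a superuser session in a scratch database and psql's default of continuing after an error.

```sql
-- Added illustration; run as a superuser in a scratch database.
-- usera and userb are constructed roles with no membership in each other.
CREATE ROLE usera NOLOGIN;
CREATE ROLE userb NOLOGIN;

SET ROLE usera;
-- Only current_user changes; session_user is still the superuser login role.
SELECT session_user, current_user;

-- SET ROLE is authorised against session_user, not current_user, so this
-- succeeds even though usera is not a member of userb.
SET ROLE userb;
SELECT session_user, current_user;

-- RESET ROLE needs no privilege. Absent a connection-time role setting it
-- returns current_user to session_user, here the superuser.
RESET ROLE;
SELECT session_user, current_user;

-- SET SESSION AUTHORIZATION changes session_user as well, so the hop to
-- userb is now refused with a permission error ...
SET SESSION AUTHORIZATION usera;
SET ROLE userb;
-- ... but the way back stays open, because the authenticated user is a superuser.
RESET SESSION AUTHORIZATION;
SELECT session_user, current_user;

-- Clean up the constructed roles.
DROP ROLE usera, userb;
```

For SQL that is not trusted, the boundary that holds is a separate connection authenticated as a non-superuser login role, since both reset commands can only return to what that login role is already allowed to do.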