Re: elog(FATAL)ing non-existent roles during client authentication
| От | Tom Lane |
|---|---|
| Тема | Re: elog(FATAL)ing non-existent roles during client authentication |
| Дата | |
| Msg-id | 9121.1164868215@sss.pgh.pa.us обсуждение |
| Ответ на | elog(FATAL)ing non-existent roles during client authentication (Gavin Sherry <swm@linuxworld.com.au>) |
| Ответы |
Re: elog(FATAL)ing non-existent roles during client
|
| Список | pgsql-hackers |
Gavin Sherry <swm@linuxworld.com.au> writes:
> I wonder if we should check if the role exists for the other
> authentication methods too? get_role_line() should be very cheap and it
> would prevent unnecessary authentication work if we did it before
> contacting, for example, the client ident server. Even with trust, it
> would save work because otherwise we do not check if the user exists until
> InitializeSessionUserId(), at which time we're set up our proc entry etc.
This only saves work if the supplied ID is in fact invalid, which one
would surely think isn't the normal case; otherwise it costs more.
I could see doing this in the ident path, because contacting a remote
ident server is certainly expensive on both sides. I doubt it's a good
idea in the trust case.
regards, tom lane
В списке pgsql-hackers по дате отправления: