Re: Fwd: A million users
| От | Eric Hanson |
|---|---|
| Тема | Re: Fwd: A million users |
| Дата | |
| Msg-id | CACA6kxiRjFCwq6toyY4iXAcQuQsgnobdcmXgdJTZ82fp4idpZg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Fwd: A million users (walther@technowledgy.de) |
| Список | pgsql-general |
On Fri, Nov 22, 2024 at 6:57 AM <walther@technowledgy.de> wrote:
Yeah, this is still on my list of things to research more about
eventually - currently still unsolved.
For my use-case the NO RESET would need to apply until the end of the
transaction, not end of the session.
I imagine something like an extension, that would:
- block any SET SESSION ROLE
- block any RESET ROLE
- only allow SET LOCAL ROLE when CURRENT_USER has the right to do so
Then the effect of SET LOCAL ROLE would still be reversed at the end of
the transaction, but you could never "escape" a SET LOCAL ROLE that was
set earlier.
As things are now, would someone be able to do a RESET ROLE if *any* code/function had a SQL injection vulnerability, or only if there was one in the pooler? Or (ideally) neither. That's what a NO RESET option (or some similar functionality) would provide with certainty.
I found this extension:
but haven't used it. Seems to address this though, they introduce a set_session_auth(token) function and then reset_role requires the token if session_auth has been set.
Thanks,
Eric
В списке pgsql-general по дате отправления: