public inbox for [email protected]
help / color / mirror / Atom feedFrom: Eric Hanson <[email protected]>
To: [email protected]
Cc: Dominique Devienne <[email protected]>
Cc: Alvaro Herrera <[email protected]>
Cc: Vijaykumar Jain <[email protected]>
Cc: pgsql-general <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Fwd: A million users
Date: Fri, 22 Nov 2024 17:23:19 -0600
Message-ID: <CACA6kxiRjFCwq6toyY4iXAcQuQsgnobdcmXgdJTZ82fp4idpZg@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAM+6J97Jd5WnxdyFu1-s+wvJrWPL_YvP3yeuQVwy3HJvK=KUTQ@mail.gmail.com>
<[email protected]>
<CAFCRh-9Le3fkJMWGuHdFPP-kfHdEAAchFZf0msEq3hNijixbFw@mail.gmail.com>
<[email protected]>
<CACA6kxh5EWZPMR5XCEXh3C-t-bBfdhbge1z+nGFpCOUgbZK+EA@mail.gmail.com>
<[email protected]>
On Fri, Nov 22, 2024 at 6:57 AM <[email protected]> wrote:
> Yeah, this is still on my list of things to research more about
> eventually - currently still unsolved.
>
> For my use-case the NO RESET would need to apply until the end of the
> transaction, not end of the session.
>
> I imagine something like an extension, that would:
> - block any SET SESSION ROLE
> - block any RESET ROLE
> - only allow SET LOCAL ROLE when CURRENT_USER has the right to do so
>
> Then the effect of SET LOCAL ROLE would still be reversed at the end of
> the transaction, but you could never "escape" a SET LOCAL ROLE that was
> set earlier.
As things are now, would someone be able to do a RESET ROLE if *any*
code/function had a SQL injection vulnerability, or only if there was one
in the pooler? Or (ideally) neither. That's what a NO RESET option (or
some similar functionality) would provide with certainty.
I found this extension:
https://github.com/pgaudit/set_user
but haven't used it. Seems to address this though, they introduce a
set_session_auth(token) function and then reset_role requires the token if
session_auth has been set.
Thanks,
Eric
view thread (2+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Fwd: A million users
In-Reply-To: <CACA6kxiRjFCwq6toyY4iXAcQuQsgnobdcmXgdJTZ82fp4idpZg@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox