From: Ron Johnson <[email protected]>
To: pgsql-generallists.postgresql.org <[email protected]>
Subject: Re: set role command
Date: Mon, 24 Nov 2025 15:25:53 -0500
Message-ID: <CANzqJaB424ydLyw3VNPD=Yrvcvb2MmksczH9VY967EA3E=5v4w@mail.gmail.com>
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>

On Mon, Nov 24, 2025 at 2:46 PM Tom Lane <[email protected]> wrote:

> Álvaro Herrera <[email protected]> writes:
> > On 2025-Nov-24, Tom Lane wrote:
> >> I don't think so.  They are just shorthand for issuing a SET to the
> >> original value, so how do they break the model in a way that that
> >> doesn't?
>
> > No, because the new user doesn't have privs to become the previous one.
>
> Don't think you can make that argument from the standard, since
> it explicitly disclaims saying what privs are required.
>
> > It would be more
> > secure to have a mechanism where the connection is initially
> > unauthenticated altogether (which means: it's not a valid SQL session),
> > becomes authenticated at the pooler's will, and returns to
> > unauthenticated state as the pooler decides.  Critically, from
> > unauthenticated state you shouldn't be able to become superuser.
>
> I don't like the idea that a pooler or pretend-to-be pooler
> can eat up a backend session without having authenticated at all.
> Also, exactly what does "becomes authenticated at the pooler's will"
> mean?  There had better be some actual authentication happening
> somewhere.
>

A restriction that it can only happen when TLS authentication is used, and
the pooler is using its service account?

-- 
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!

