[
https://issues.apache.org/jira/browse/HAWQ-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alastair "Bell" Turner updated HAWQ-1089:
-----------------------------------------
Summary: Implement trustworthy user identity session variables (was:
Implement trustworthy user identity GUCs)
> Implement trustworthy user identity session variables
> -----------------------------------------------------
>
> Key: HAWQ-1089
> URL: https://issues.apache.org/jira/browse/HAWQ-1089
> Project: Apache HAWQ
> Issue Type: Sub-task
> Components: Security
> Reporter: Alastair "Bell" Turner
> Assignee: Lei Chang
> Fix For: backlog
>
>
> HAWQ currently implements the Postgres SET ROLE and SET SESSION constructs
> which can overwrite the session_user and current_user environment variables.
> This allows a superuser (gpadmin) to change the visible user identity.
> If these changeable identities are passed down for impersonation then it
> invalidates some of the security benefits that user impersonation is supposed
> to provide.
> Changing the current SET ROLE and SET SESSION behaviour would have knock-on
> effects for the security model for executing functions.
> The least intrusive route to having reliable user identity information to
> pass down is exposing the originally authorised user and authorisation method
> (as defined in pg_hba) as read-only environment variables (maybe called
> auth_user and auth_method?) in the session.