On Fri, Nov 22, 2024 at 6:57 AM <walt...@technowledgy.de> wrote: > Yeah, this is still on my list of things to research more about > eventually - currently still unsolved. > > For my use-case the NO RESET would need to apply until the end of the > transaction, not end of the session. > > I imagine something like an extension, that would: > - block any SET SESSION ROLE > - block any RESET ROLE > - only allow SET LOCAL ROLE when CURRENT_USER has the right to do so > > Then the effect of SET LOCAL ROLE would still be reversed at the end of > the transaction, but you could never "escape" a SET LOCAL ROLE that was > set earlier.
As things are now, would someone be able to do a RESET ROLE if *any* code/function had a SQL injection vulnerability, or only if there was one in the pooler? Or (ideally) neither. That's what a NO RESET option (or some similar functionality) would provide with certainty. I found this extension: https://github.com/pgaudit/set_user but haven't used it. Seems to address this though, they introduce a set_session_auth(token) function and then reset_role requires the token if session_auth has been set. Thanks, Eric