(2010/06/14 21:15), Robert Haas wrote: > 2010/6/14 KaiGai Kohei<kai...@kaigai.gr.jp>: >> (2010/06/14 20:01), Stephen Frost wrote: >>> * KaiGai Kohei (kai...@ak.jp.nec.com) wrote: >>>> The attached patch tries to add one more security hook on the >>>> initialization of PostgreSQL instance (InitPostgres()). >>>> >>>> It gives the external security module a chance to initialize itself, >>>> and acquire credential of the client. >>>> >>>> I assumed the best place to initialize the module is just after the >>>> initialize_acl() invocation, if ESP is available. >>>> We have not discussed about this hook yet. So, I'd like to see any >>>> comments. >>> >>> Aren't modules given a __PG_Init or something similar that they can >>> define which will be called when the module is loaded..? >>> >> I assume the security module shall be loaded within >> 'shared_preload_libraries', >> because we can overwrite 'local_preload_libraries' (PGC_BACKEND) setting >> using >> connection string, so it allows users to bypass security features, doesn't >> it? > > Yeah, but so what? Stephen's point is still valid. > On the hook, I'd like to obtain security context of the client process which connected to the PostgreSQL instance. It is not available at the _PG_init() phase, because clients don't connect yet.
Thanks, -- KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
