On 27 Jan 2003 at 9:16, Tom Lane wrote: > "Shridhar Daithankar" <[EMAIL PROTECTED]> writes: > > Is it possible for an established connection to backend, to switch user on the > > fly, if proper credentials are supplied? > > Are you looking for SET SESSION AUTHORIZATION?
I went thr http://candle.pha.pa.us/main/writings/pgsql/sgml/sql-set-session- authorization.html to get what it is. I didn't have an idea of such thing. Back to the topic, yes, pretty much except for few differences. 1) It says 'The session user identifier may be changed only if the initial session user (the authenticated user) had the superuser privilege. Otherwise, the command is accepted only if it specifies the authenticated user name.' That mean an ordinary user can not set session to any other authorised user. It is like running setuid program with input accessible to any user. 2) Where do I specify password? I mean I take a password and start a connection to database. But when it comes to switching connection, there is no password. Probably because only superuser can switch connection? If there is a password clause there and if any user can switch to any user, then it is the thing I am looking for. Probably even excluding switching to superuser as a security measure. But thanks for it. That is very close. Bye Shridhar -- And 1.1.81 is officially BugFree(tm), so if you receive any bug-reportson it, you know they are just evil lies."(By Linus Torvalds, [EMAIL PROTECTED]) ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
