Re: Proposal: Role Sandboxing for Secure Impersonation

Joe Conway <mail@joeconway.com>

From: Joe Conway <mail@joeconway.com>
To: Eric Hanson <eric@aquameta.com>, Wolfgang Walther <walther@technowledgy.de>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Jelte Fennema-Nio <postgres@jeltef.nl>, Robert Haas <robertmhaas@gmail.com>
Date: 2024-12-04T19:02:08Z
Lists: pgsql-hackers
On 12/4/24 11:13, Eric Hanson wrote:
> Thanks all for the input so far.  I think we are the "usual suspects" of 
> advocating for this feature. :)

Yeah, I looked at the old thread and came to the same conclusion ;-)

However on that thread[1] Jelte and Robert expressed a preference to 
accomplishing the goal via protocol changes. That is not my preference, 
but it would be worth hearing from them how firm they are in their 
resolve -- i.e. if we went down the path of adding grammar and support 
along the lines discussed here will they seek to block it from being 
committed? And similarly for others that have not spoken up at all.

I don't want to put a bunch of time and effort into something which is 
ultimately a dead end due to fundamental objections (which is why I made 
set_user an extension in the first place).

On the other hand, if there is a reasonable chance we can get buy in 
given a high enough quality implementation, I would be excited to work 
on it.


[1] 
https://postgr.es/m/flat/CACA6kxgdzt-oForijaxfXHHhnZ1WBoVGMXVwFrJqUu-Hg3C-jA%40mail.gmail.com
-- 
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com