Re: [v9.1] Add security hook on initialization of instance

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>, KaiGai Kohei <kaigai@ak.jp.nec.com>, KaiGai Kohei <kaigai@kaigai.gr.jp>, pgsql-hackers@postgresql.org
Date: 2010-07-08T14:42:51Z
Lists: pgsql-hackers
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Maybe so, but the proposed hook placement doesn't actually allow a
> plugin module to be "involved" in the authorization --- we've already
> decided the authorization is OK.  All it can do there is some additional
> initialization, which could equally well be done on first use (if any)
> of the additional information.

Right, I agree that the existing patch isn't what should be done here.

> There might be some value in letting a plugin actually have some control
> over the authentication process, but I'm not sure offhand what a
> reasonable hook design would be.

Definitely needs more thought, but that's the direction that I think
makes more sense.

	Thanks!

		Stephen