Re: [PoC/RFC] Multiple passwords, interval expirations
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Jeff Davis <pgsql@j-davis.com>
Cc: Gurjeet Singh <gurjeet@singh.im>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, Stephen Frost <sfrost@snowman.net>, "Brindle, Joshua" <joshuqbr@amazon.com>, Jacob Champion <jchampion@timescale.com>
Date: 2023-10-06T19:26:31Z
Lists: pgsql-hackers
On Thu, Oct 05, 2023 at 01:09:36PM -0700, Jeff Davis wrote: > On Thu, 2023-10-05 at 14:04 -0500, Nathan Bossart wrote: >> That way, we needn't restrict this feature to 2 passwords for >> everyone. Perhaps 2 should be the default, but in any case, IMO we >> shouldn't design to only support 2. > > Are there use cases for lots of passwords, or is it just a matter of > not introducing an artificial limitation? I guess it's more of the latter. Perhaps one potential use case would be short-lived credentials that are created on demand. Such a password might only be valid for something like 15 minutes, and many users might have the ability to request a password for the database role. I don't know whether there is a ton of demand for such a use case, and it might already be solvable by just creating separate roles. In any case, if there's general agreement that we only want to target the rotation use case, that's fine by me. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
MergeAttributes: convert pg_attribute back to ColumnDef before comparing
- 4d969b2f85e1 17.0 cited