Re: [v9.1] Add security hook on initialization of instance
Kohei KaiGai <kaigai@kaigai.gr.jp>
From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: Stephen Frost <sfrost@snowman.net>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>, Robert Haas <robertmhaas@gmail.com>, pgsql-hackers@postgresql.org
Date: 2010-06-14T11:12:40Z
Lists: pgsql-hackers
(2010/06/14 20:01), Stephen Frost wrote: > * KaiGai Kohei (kaigai@ak.jp.nec.com) wrote: >> The attached patch tries to add one more security hook on the >> initialization of PostgreSQL instance (InitPostgres()). >> >> It gives the external security module a chance to initialize itself, >> and acquire credential of the client. >> >> I assumed the best place to initialize the module is just after the >> initialize_acl() invocation, if ESP is available. >> We have not discussed about this hook yet. So, I'd like to see any >> comments. > > Aren't modules given a __PG_Init or something similar that they can > define which will be called when the module is loaded..? > I assume the security module shall be loaded within 'shared_preload_libraries', because we can overwrite 'local_preload_libraries' (PGC_BACKEND) setting using connection string, so it allows users to bypass security features, doesn't it? Thanks, -- KaiGai Kohei <kaigai@kaigai.gr.jp>