Re: [v9.1] Add security hook on initialization of instance
Kouhei Kaigai <kaigai@ak.jp.nec.com>
From: KaiGai Kohei <kaigai@ak.jp.nec.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>, KaiGai Kohei <kaigai@kaigai.gr.jp>, Stephen Frost <sfrost@snowman.net>, pgsql-hackers@postgresql.org
Date: 2010-06-15T03:47:48Z
Lists: pgsql-hackers
(2010/06/15 12:28), Tom Lane wrote: > KaiGai Kohei<kaigai@ak.jp.nec.com> writes: >>>>> The attached patch tries to add one more security hook on the >>>>> initialization of PostgreSQL instance (InitPostgres()). > >>> Yeah, but so what? Stephen's point is still valid. > >> On the hook, I'd like to obtain security context of the client process >> which connected to the PostgreSQL instance. It is not available at the >> _PG_init() phase, because clients don't connect yet. > > InitPostgres is called by a number of process types that don't *have* > clients. I concur with the other opinions that this hook is badly > thought out. > I intended to skip it when InitPostgres() is called without clients. For example, the hook might be better to put on PerformAuthentication() for more clarification of the purpose. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com>