Re: [v9.1] Add security hook on initialization of instance

Kouhei Kaigai <kaigai@ak.jp.nec.com>

From: KaiGai Kohei <kaigai@ak.jp.nec.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>, KaiGai Kohei <kaigai@kaigai.gr.jp>, Stephen Frost <sfrost@snowman.net>, pgsql-hackers@postgresql.org
Date: 2010-06-15T03:47:48Z
Lists: pgsql-hackers
(2010/06/15 12:28), Tom Lane wrote:
> KaiGai Kohei<kaigai@ak.jp.nec.com>  writes:
>>>>> The attached patch tries to add one more security hook on the
>>>>> initialization of PostgreSQL instance (InitPostgres()).
> 
>>> Yeah, but so what?  Stephen's point is still valid.
> 
>> On the hook, I'd like to obtain security context of the client process
>> which connected to the PostgreSQL instance. It is not available at the
>> _PG_init() phase, because clients don't connect yet.
> 
> InitPostgres is called by a number of process types that don't *have*
> clients.  I concur with the other opinions that this hook is badly
> thought out.
> 
I intended to skip it when InitPostgres() is called without clients.

For example, the hook might be better to put on PerformAuthentication()
for more clarification of the purpose.

Thanks,
-- 
KaiGai Kohei <kaigai@ak.jp.nec.com>