Re: Proposal: Role Sandboxing for Secure Impersonation

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Jelte Fennema-Nio <postgres@jeltef.nl>
Cc: Joe Conway <mail@joeconway.com>, Eric Hanson <eric@aquameta.com>, Wolfgang Walther <walther@technowledgy.de>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-12-05T15:12:53Z
Lists: pgsql-hackers
On Wed, Dec 4, 2024 at 5:54 PM Jelte Fennema-Nio <postgres@jeltef.nl> wrote:
> On Wed, 4 Dec 2024 at 22:05, Robert Haas <robertmhaas@gmail.com> wrote:
> > I do think the protocol change is better.
>
> Fully agreed. But I now also know the herculean amount of effort
> that's necessary for that to happen, and I personally don't have the
> bandwidth to push that through anymore. So I'm definitely open to a
> SQL way if there's a safe way to achieve that.

I'm not convinced it has to be a Herculean amount of effort. Why do
you think otherwise?

-- 
Robert Haas
EDB: http://www.enterprisedb.com