Thread

  1. Re: Periodic authorization expiration checks using GoAway message

    Jelte Fennema-Nio <postgres@jeltef.nl> — 2025-12-15T21:50:04Z

    On Mon, 15 Dec 2025 at 18:31, Jacob Champion
    <jacob.champion@enterprisedb.com> wrote:
    > But it seems iffy to change authentication metadata associated with
    > the connection halfway through a transaction, no? Am I missing
    > something that makes that architecturally safe?
    
    It felt a bit iffy to me too initially, but then I started looking at
    it from the other direction: i.e. what am I missing that actually
    makes this architecturally unsafe? And I cannot think of anything.
    
    I see two possible things happening when re-authenticating mid-transaction:
    1. User re-authenticates correctly, the transaction can continue as it
    would normally
    2. User re-authenticates incorrectly, connection is closed and
    transaction is aborted
    
    Both of those situations seem totally reasonable to me. What metadata
    are you worried about changing mid transaction that could mess stuff
    up? The primary one I can imagine is the username, but in my proposed
    implementation of the feature that one would have to stay the same
    anyway: The authentication related messages ('R' and 'p') don't
    contain username, that's part of the StartupMessage.