Re: Periodic authorization expiration checks using GoAway message

Jelte Fennema-Nio <postgres@jeltef.nl>

From: Jelte Fennema-Nio <postgres@jeltef.nl>
To: Ajit Awekar <ajitpostgres@gmail.com>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>, Dave Cramer <davecramer@gmail.com>, Jacob Champion <jacob.champion@enterprisedb.com>, Heikki Linnakangas <hlinnaka@iki.fi>
Date: 2025-11-28T17:18:57Z
Lists: pgsql-hackers
On Fri, Nov 28, 2025, 04:39 Ajit Awekar <ajitpostgres@gmail.com> wrote:

> This patch depends on the "GoAway" protocol message proposal currently
> under review here:
> https://www.postgresql.org/message-id/DDPQ1RV5FE9U.I2WW34NGRD8Z%40jeltef.nl
> Please apply this patch on top of the GoAway patch.
>

A review of the GoAway patch from you would definitely be appreciated (even
if there's no actionable feedback like: "this looks good and I managed use
it for my own patch successfully")

The Solution: To handle this authorization gap gracefully, this patch
> leverages the pending GoAway protocol message to notify clients.
>

I didn't look at the patch (I'm on my phone). But my first thought is that
only relying on the proposed version of GoAway is insufficient for anything
related to security. The GoAway message is both best effort, and only
supported with newer protocol versions. So while I think it's a good
usecase for GoAway, I think there *also* needs to be a hard timeout at
which point the connection gets forcefully terminated if it's using old
credentials.

Regarding the configurable interval that you describe for checking auth
changes, I think it might be better to register a SysCache update receiver
instead (or just poll the SysCache value

Finally, can you register this patch on the commitfest?
https://commitfest.postgresql.org/

>