Re: SYSTEM_USER reserved word implementation
Joe Conway <mail@joeconway.com>
From: Joe Conway <mail@joeconway.com>
To: Tom Lane <tgl@sss.pgh.pa.us>, Jacob Champion <jchampion@timescale.com>
Cc: "Drouvot, Bertrand" <bdrouvot@amazon.com>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2022-06-22T16:22:36Z
Lists: pgsql-hackers
On 6/22/22 11:52, Tom Lane wrote: > Jacob Champion <jchampion@timescale.com> writes: >> On Wed, Jun 22, 2022 at 8:10 AM Joe Conway <mail@joeconway.com> wrote: >>> In case port->authn_id is NULL then the patch is returning the SESSION_USER for the SYSTEM_USER. Perhaps it should return NULL instead. > >> If the spec says that SYSTEM_USER "represents the operating system >> user", but we don't actually know who that user was (authn_id is >> NULL), then I think SYSTEM_USER should also be NULL so as not to >> mislead auditors. > > Yeah, that seems like a fundamental type mismatch. If we don't know > the OS user identifier, substituting a SQL role name is surely not > the right thing. +1 agreed > I think a case could be made for ONLY returning non-null when authn_id > represents some externally-verified identifier (OS user ID gotten via > peer identification, Kerberos principal, etc). But -1 on that. I think any time we have a non-null authn_id we should expose it. Are there examples of cases when we have authn_id but for some reason don't trust the value of it? -- Joe Conway RDS Open Source Databases Amazon Web Services: https://aws.amazon.com
Commits
-
Introduce SYSTEM_USER
- 0823d061b0b7 16.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 cited