Participants
Eric Hanson
Eric Hanson
Chapman Flack
Chapman Flack
Attachments

No attachments in this thread

Thread Outline
#1Eric HansonEric Hanson
Mar 27, 2019
#2Chapman FlackChapman Flackto Eric Hanson (#1)
Mar 27, 2019
#3Eric HansonEric Hansonto Chapman Flack (#2)
Mar 29, 2019

SET LOCAL ROLE NO RESET -- sandbox transactions

Started by Eric Hansonalmost 7 years ago3 messages
#1Eric Hanson
Eric Hanson
eric@aquameta.com

Hi,

I'm trying to use the PostgreSQL roles system as the user base for a web
application. The common wisdom seems to be Don't Do This, because it
requires a connection per-user which doesn't scale. However, thinking it
through, I'm wondering it there might be a workaround using "sandbox
transactions", a scheme where a connection pooler connects as a superuser,
but immediately runs a

SET LOCAL ROLE 'joe_regular_user';

The problem with this of course is that the user could then just issue a
RESET ROLE and go back to superuser.

What would be the implications of adding a NO RESET clause to SET LOCAL
ROLE? If the user were to ever end the local transaction, the system would
need to kick them out of the connection, and they would need to reconnect
inside another sandbox transaction. Could this work? How hard would it
be, and what are the security implications?

Thanks,
Eric

#2Chapman Flack
Chapman Flack
chap@anastigmatix.net
In reply to: Eric Hanson (#1)
Re: SET LOCAL ROLE NO RESET -- sandbox transactions

On 3/27/19 2:40 AM, Eric Hanson wrote:

What would be the implications of adding a NO RESET clause to SET LOCAL
ROLE?

There's a part of this that seems to be a special case of the
GUC-protected-by-cookie idea discussed a bit in [1]/messages/by-id/59127E4E.8090705@anastigmatix.net and [2]/messages/by-id/CA+TgmoYOz+ZmOteahrduJCc8RT8GEgC6PNXLwRzJPObmHGaurg@mail.gmail.com
(which is still an idea that I like).

Regards,
-Chap

[1]: /messages/by-id/59127E4E.8090705@anastigmatix.net
/messages/by-id/59127E4E.8090705@anastigmatix.net

[2]: /messages/by-id/CA+TgmoYOz+ZmOteahrduJCc8RT8GEgC6PNXLwRzJPObmHGaurg@mail.gmail.com
/messages/by-id/CA+TgmoYOz+ZmOteahrduJCc8RT8GEgC6PNXLwRzJPObmHGaurg@mail.gmail.com

#3Eric Hanson
Eric Hanson
eric@aquameta.com
In reply to: Chapman Flack (#2)
Re: SET LOCAL ROLE NO RESET -- sandbox transactions

These seem like much better ideas than mine. :-) Thanks.

Did anything ever come of these ideas? Do you have a sense of the level of
community support around these ideas?

Thanks,
Eric

On Wed, Mar 27, 2019 at 11:23 AM Chapman Flack <chap@anastigmatix.net>
wrote:

Show quoted text

On 3/27/19 2:40 AM, Eric Hanson wrote:

What would be the implications of adding a NO RESET clause to SET LOCAL
ROLE?

There's a part of this that seems to be a special case of the
GUC-protected-by-cookie idea discussed a bit in [1] and [2]
(which is still an idea that I like).

Regards,
-Chap

[1]
/messages/by-id/59127E4E.8090705@anastigmatix.net

[2]

/messages/by-id/CA+TgmoYOz+ZmOteahrduJCc8RT8GEgC6PNXLwRzJPObmHGaurg@mail.gmail.com

← Back to Topics