2010/6/14 KaiGai Kohei <kai...@kaigai.gr.jp>: > (2010/06/14 20:01), Stephen Frost wrote: >> * KaiGai Kohei (kai...@ak.jp.nec.com) wrote: >>> The attached patch tries to add one more security hook on the >>> initialization of PostgreSQL instance (InitPostgres()). >>> >>> It gives the external security module a chance to initialize itself, >>> and acquire credential of the client. >>> >>> I assumed the best place to initialize the module is just after the >>> initialize_acl() invocation, if ESP is available. >>> We have not discussed about this hook yet. So, I'd like to see any >>> comments. >> >> Aren't modules given a __PG_Init or something similar that they can >> define which will be called when the module is loaded..? >> > I assume the security module shall be loaded within > 'shared_preload_libraries', > because we can overwrite 'local_preload_libraries' (PGC_BACKEND) setting using > connection string, so it allows users to bypass security features, doesn't it?
Yeah, but so what? Stephen's point is still valid. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise Postgres Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
