Posted to dev@hawq.apache.org by "Alastair \"Bell\" Turner (JIRA)" <ji...@apache.org> on 2016/10/08 14:16:20 UTC

[jira] [Created] (HAWQ-1089) Implement trustworthy user identity GUCs

Alastair "Bell" Turner created HAWQ-1089:
--------------------------------------------

             Summary: Implement trustworthy user identity GUCs 
                 Key: HAWQ-1089
                 URL: https://issues.apache.org/jira/browse/HAWQ-1089
             Project: Apache HAWQ
          Issue Type: Sub-task
          Components: Security
            Reporter: Alastair "Bell" Turner
            Assignee: Lei Chang


HAWQ currently implements the Postgres SET ROLE and SET SESSION constructs which can overwrite the session_user and current_user environment variables. This allows a superuser (gpadmin) to change the visible user identity.

If these changeable identities are passed down for impersonation then it invalidates some of the security benefits that user impersonation is supposed to provide.

Changing the current SET ROLE and SET SESSION behaviour would have knock-on effects for the security model for executing functions.

The least intrusive route to having reliable user identity information to pass down is exposing the originally authorised user and authorisation method (as defined in pg_hba) as read-only environment variables (maybe called auth_user and auth_method?) in the session.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
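
The identity drift described in the issue, shown as a psql session using standard PostgreSQL semantics. This is an added example, not part of the original message or of HAWQ's code; the role name alice is hypothetical, and auth_user / auth_method are only the names proposed in the issue, not existing settings.

```sql
-- Constructed session: connected and authenticated (per pg_hba) as the
-- superuser gpadmin. "alice" is a hypothetical ordinary role.
CREATE ROLE alice LOGIN;

-- Baseline: both identity functions report the authenticated user.
SELECT session_user, current_user;

-- SET ROLE switches the identity used for permission checks.
-- current_user follows it; session_user is left unchanged.
SET ROLE alice;
SELECT session_user, current_user;
RESET ROLE;

-- SET SESSION AUTHORIZATION is allowed only when the authenticated user
-- is a superuser. It rewrites session_user as well as current_user, so
-- from here on neither function names the user who actually logged in.
SET SESSION AUTHORIZATION alice;
SELECT session_user, current_user;

-- Anything that forwards session_user or current_user for impersonation
-- at this point would forward alice, although pg_hba authenticated
-- gpadmin. The issue proposes read-only values (tentatively auth_user
-- and auth_method) that would stay fixed at the authenticated identity
-- and method for the life of the session.

-- The server still tracks the authenticated user internally: RESET is
-- permitted and returns both values to gpadmin.
RESET SESSION AUTHORIZATION;
SELECT session_user, current_user;

-- Clean up the hypothetical role.
DROP ROLE alice;
```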