Posted to issues@hawq.apache.org by "Alastair \"Bell\" Turner (JIRA)" <ji...@apache.org> on 2016/10/08 14:18:20 UTC

[jira] [Updated] (HAWQ-1089) Implement trustworthy user identity session variables

     [ https://issues.apache.org/jira/browse/HAWQ-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alastair "Bell" Turner updated HAWQ-1089:
-----------------------------------------
    Summary: Implement trustworthy user identity session variables  (was: Implement trustworthy user identity GUCs )

> Implement trustworthy user identity session variables
> -----------------------------------------------------
>
>                 Key: HAWQ-1089
>                 URL: https://issues.apache.org/jira/browse/HAWQ-1089
>             Project: Apache HAWQ
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Alastair "Bell" Turner
>            Assignee: Lei Chang
>             Fix For: backlog
>
>
>  HAWQ currently implements the Postgres SET ROLE and SET SESSION constructs which can overwrite the session_user and current_user environment variables. This allows a superuser (gpadmin) to change the visible user identity.
> If these changeable identities are passed down for impersonation then it invalidates some of the security benefits that user impersonation is supposed to provide.
> Changing the current SET ROLE and SET SESSION behaviour would have knock-on effects for the security model for executing functions.
> The least intrusive route to having reliable user identity information to pass down is exposing the originally authorised user and authorisation method (as defined in pg_hba) as read-only environment variables (maybe called auth_user and auth_method?) in the session.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)