You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hawq.apache.org by "Alastair \"Bell\" Turner (JIRA)" <ji...@apache.org> on 2016/10/08 14:18:20 UTC
[jira] [Updated] (HAWQ-1089) Implement trustworthy user identity
session variables
[ https://issues.apache.org/jira/browse/HAWQ-1089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alastair "Bell" Turner updated HAWQ-1089:
-----------------------------------------
Summary: Implement trustworthy user identity session variables (was: Implement trustworthy user identity GUCs )
> Implement trustworthy user identity session variables
> -----------------------------------------------------
>
> Key: HAWQ-1089
> URL: https://issues.apache.org/jira/browse/HAWQ-1089
> Project: Apache HAWQ
> Issue Type: Sub-task
> Components: Security
> Reporter: Alastair "Bell" Turner
> Assignee: Lei Chang
> Fix For: backlog
>
>
> HAWQ currently implements the Postgres SET ROLE and SET SESSION constructs which can overwrite the session_user and current_user environment variables. This allows the a superuser (gpadmin) to change the visible user identity.
> If these changeable identities are passed down for impersonation then it invalidates some of the security benefits that user impersonation is supposed to provide.
> Changing the current SET ROLE and SET SESSION behaviour would have knock on effects for the security model for executing functions.
> The least intrusive route to having reliable user identity information to pass down is exposing the oringially authorised user and authorisation method (as defined in pg_hba) as read-only environment variables (maybe called auth_user and auth_method?) in the session.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)