Hello, > Obviously each "user" could use RESET ROLE and become the super user. Yes, this is a point not to forget, but isn't an issue in our case. best regards, Marc Mamin From: Derrick Rice [mailto:derrick.rice@xxxxxxxxx] Sent: Samstag, 4. Dezember 2010 00:21 To: Marc Mamin Cc: pgsql-general@xxxxxxxxxxxxxx Subject: Re: RESET ROLE and search_path, Connection pool On Fri, Dec 3, 2010 at 5:13 AM, Marc Mamin <M.Mamin@xxxxxxxxxxxx> wrote: Hello, We are thinking about using a (java based) connection pool. An issue is that there are many different users to connect. My idea is to only have superuser connections in the pool and change the connection role (with SET ROLE) each time a user pick a connection there. Tangential to your question, but important: Obviously each "user" could use RESET ROLE and become the super user. This means that every piece of code that uses this pool needs to have security appropriate for code using the super user. i.e. "Whatever, it's just using a read-only role, nothing bad can happen" is no longer a valid argument (if it ever was). Do you have that much faith / trust in every "user"? * "user" in quotes because I'm guessing you are referring to different portions of your application / application suite and hopefully not individual persons. Derrick -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
