Omnigres documentation

Security

Omnigres documentation

Intro
Quick Start
Examples
Examples
- MOTD service
Development
Development
- pg_yregress
  pg_yregress
  - Intro
  - Installation
  - Usage
Extensions
Extensions
- omni_auth
  omni_auth
  - Basics
  - Password Authentication
- omni_aws
  omni_aws
  - S3
- omni_cloudevents
  omni_cloudevents
  - Using CloudEvents
- omni_containers
  omni_containers
  - Intro
- omni_credentials
  omni_credentials
  - Credential Management
- omni_httpc
  omni_httpc
  - HTTP client
- omni_httpd
  omni_httpd
- omni_id
  omni_id
  - Identity Type
- omni_json
  omni_json
  - Table Mapping
- omni_kube
  omni_kube
  - Kubernetes API
  - Cluster views
- omni_ledger
  omni_ledger
- omni_manifest
  omni_manifest
  - Usage
- omni_mimetypes
  omni_mimetypes
  - omni_mimetypes
- omni_os
  omni_os
  - Intro
- omni_polyfill
  omni_polyfill
  - Polyfills
  - uuidv7
- omni_python
  omni_python
  - Intro
- omni_regex
  omni_regex
  - Regex
- omni_rest
  omni_rest
  - Protocols
  - Quickstart
- omni_schema
  omni_schema
  - omni_schema
- omni_seq
  omni_seq
  - Distributed IDs
- omni_service
  omni_service
  - Service Management
  - Service Integration
- omni_session
  omni_session
  - Session Management
- omni_sqlite
  omni_sqlite
  - Embedded SQLite
- omni_test
  omni_test
  - Testing Guide
- omni_txn
  omni_txn
  - Transaction Linearization
  - Transaction Retry
- omni_types
  omni_types
  - Function Signature Types
  - Sum types
- omni_var
  omni_var
  - Variables
- omni_vfs
  omni_vfs
  - omni_vfs
- omni_web
  omni_web
  - Cookies
  - Intro
  - Query Strings
  - URI
- omni_xml
  omni_xml
  - Overview
  - Usage
- omni_yaml
  omni_yaml
  - YAML

Security¶

HTTP server hardening

At this moment, this extension does not provide any additional hardening for the HTTP server functionality to prevent any unintended interaction between the server and the database outside of strict confines of the message passing approach used for their intended way of communication.

We are eager to add support for such hardening (perhaps as an opt-in if it significantly decreases performance). Please consider contributing.

omni_httpd relies on Postgres security primitives. In order to enforce a role on a handler, it must be made security definer and has to be owned by the role it is intended to be running under.