Joshua D. Drake wrote:
>
>>
>> As a protection against malice, yes. I think Rod was more interested
>> in some protection against stupidity.
>>
>> Maybe the real answer is that Slony should connect as a non-superuser
>> and call security definer functions for the privileged things it
>> needs to do.
>
>
> Wouldn't that break Slony's ability to connect to older postgresql
> versions and replicate?
>
I don't know anything of Slony's internals, but I don't see why older
versions should matter - Postgres has had security definer functions for
every release that Slony supports. Maybe I'm missing something ...
cheers
andrew