Re: [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

Tom, have you considered using PGC_USERLIMIT for the existing
default_transaction_read_only variable?  You could allow admins to turn
it on and off, but non-admins could only turn it on.

---------------------------------------------------------------------------

Tom Lane wrote:
> Sean Chittenden <sean@chittenden.org> writes:
> >> I'm not objecting to the idea of being able to make users read-only.
> >> I'm objecting to using GUC for it.  Send in a patch that, say, adds
> >> a bool column to pg_shadow, and I'll be happy.
>
> > How is that any different than ALTER USER [username] SET
> > jail_read_only_transactions TO true?  It sets something in
> > pg_shadow.useconfig column, which is permanent.
>
> But it has to go through a mechanism that is designed and built to allow
> that value to be overridden from other places.  I think using GUC for
> this is just asking for trouble.  Even if there is no security hole
> today, it's very easy to imagine future changes in GUC that would
> unintentionally create one.
>
>             regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
>       subscribe-nomail command to majordomo@postgresql.org so that your
>       message can get through to the mailing list cleanly
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073