Re: Streaming replication as a separate permissions

Robert Haas <robertmhaas@gmail.com> writes:
> I haven't looked at the patch yet, but I think we should continue to
> allow superuser-ness to be *sufficient* for replication - i.e.
> superusers will automatically have the replication privilege just as
> they do any other - and merely allow this as an option for when you
> want to avoid doing it that way.

I don't particularly mind breaking that.  If we leave it as-is, we'll
be encouraging people to use superuser accounts for things that don't
need that, which can't be good from a security standpoint.

BTW, is it possible to set things up so that a REPLICATION account
can be NOLOGIN, thereby making it really hard to abuse for other
purposes?  Or does the login privilege check come too soon?
        regards, tom lane