Re: For review: Server instrumentation patch
| От | Andrew Dunstan |
|---|---|
| Тема | Re: For review: Server instrumentation patch |
| Дата | |
| Msg-id | 42E4D0B4.7020603@dunslane.net обсуждение исходный текст |
| Ответ на | Re: For review: Server instrumentation patch ("Magnus Hagander" <mha@sollentuna.net>) |
| Ответы |
Re: For review: Server instrumentation patch
|
| Список | pgsql-hackers |
Magnus Hagander wrote: > >Instead of trying to pick on one feature, how about trying something >constructive instead? Let's say we add a GUC like "restrict_superuser", >that disables COPY to local files, untrusted procedural languages (both >creation and using the ones that already exist), the new access >functions, the LOAD command etc. Then the admin can chose what to do >about superuser access levels - the requirement may dependon SELinux for >example. > > I could go for this. Creating a setting that disallowed creation/calling of plperlu functions would be fairly trivial. I still think, security considerations aside, that an API for config settings would be a much better piece of design than providing file system access functions. cheers andrew
В списке pgsql-hackers по дате отправления: