Re: pg_stat_replication security

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: pg_stat_replication security
Дата
Msg-id AANLkTi=JH0mAK64kS0PNHOaF60R=UmQ_CyF-0m115rXO@mail.gmail.com
обсуждение исходный текст
Ответ на Re: pg_stat_replication security  (Josh Berkus <josh@agliodbs.com>)
Ответы Re: pg_stat_replication security  (Itagaki Takahiro <itagaki.takahiro@gmail.com>)
Список pgsql-hackers
Дерево обсуждения 
On Sun, Jan 16, 2011 at 21:57, Josh Berkus <josh@agliodbs.com> wrote:
>
>>> I suggest instead either "superuser" or "replication" permissions.
>>
>> That's another idea.
>
> Oh, wait.  I take that back ... we're trying to encourage users NOT to
> use the "replication" user as a login, yes?

yeah.

Here's a patch that limits it to superuser only. We can't easily match
it to the user of the session given the way the walsender data is
returned - it doesn't contain the user information. But limiting it to
superuser only seems perfectly reasonable and in line with the
encouragement not to use the replication user for login.

Objections?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Magnus Hagander
Дата:
Сообщение: Re: walreceiver fallback_application_name
Следующее
От: Joel Jacobson
Дата:
Сообщение: Re: Bug in pg_describe_object, patch v2