Re: pg_stat_replication security
| От | Magnus Hagander |
|---|---|
| Тема | Re: pg_stat_replication security |
| Дата | |
| Msg-id | AANLkTikTB=sZT=P4R38AO9kuR3tJHFEHFgMoU8nB_X28@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: pg_stat_replication security (Itagaki Takahiro <itagaki.takahiro@gmail.com>) |
| Ответы |
Re: pg_stat_replication security
|
| Список | pgsql-hackers |
On Mon, Jan 17, 2011 at 12:11, Itagaki Takahiro <itagaki.takahiro@gmail.com> wrote: > On Mon, Jan 17, 2011 at 19:51, Magnus Hagander <magnus@hagander.net> wrote: >> Here's a patch that limits it to superuser only. We can't easily match >> it to the user of the session given the way the walsender data is >> returned - it doesn't contain the user information. But limiting it to >> superuser only seems perfectly reasonable and in line with the >> encouragement not to use the replication user for login. >> >> Objections? > > It hides all fields in pg_stat_wal_senders(). Instead, can we just > revoke usage of the function and view? Or, do we have some plans > to add fields which normal users can see? Yes, for consistency with pg_stat_activity. We let all users see which other sessions are there, but not what they're doing - seems reasonable to have the same definitions for replication sessions as other sessions. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
В списке pgsql-hackers по дате отправления: