Re: Streaming replication as a separate permissions
| От | Robert Haas |
|---|---|
| Тема | Re: Streaming replication as a separate permissions |
| Дата | |
| Msg-id | AANLkTinp2zP6ARp_+Bd78fWRxXE4hxpOdcPsGKjb6=k8@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Streaming replication as a separate permissions (Peter Eisentraut <peter_e@gmx.net>) |
| Список | pgsql-hackers |
On Thu, Dec 30, 2010 at 9:54 AM, Peter Eisentraut <peter_e@gmx.net> wrote: > On tor, 2010-12-23 at 17:29 -0500, Tom Lane wrote: >> Josh Berkus <josh@agliodbs.com> writes: >> > On 12/23/10 2:21 PM, Tom Lane wrote: >> >> Well, that's one laudable goal here, but "secure by default" is another >> >> one that ought to be taken into consideration. >> >> > I don't see how *not* granting the superuser replication permissions >> > makes things more secure. The superuser can grant replication >> > permissions to itself, so why is suspending them by default beneficial? >> > I'm not following your logic here. >> >> Well, the reverse of that is just as true: if we ship it without >> replication permissions on the postgres user, people can change that if >> they'd rather not create a separate role for replication. But I think >> we should encourage people to NOT do it that way. Setting it up that >> way by default hardly encourages use of a more secure arrangement. > > I think this argument is a bit inconsistent in the extreme. You might > as well argue that a superuser shouldn't have any permissions by > default, to discourage users from using it. They can always grant > permissions back to it. I don't see why this particular one is so > different. > > If we go down this road, we'll end up with a mess of permissions that a > superuser has and doesn't have. +1. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: