> On 19 Mar 2024, at 17:53, Jelte Fennema-Nio <postgres@jeltef.nl> wrote:
>
> On Tue, 19 Mar 2024 at 17:05, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> I've said this repeatedly: it's not enough. The only reason we need
>> any feature whatsoever is that somebody doesn't trust their database
>> superusers to not try to modify the configuration.
>
> And as everyone else on this thread has said: It is enough. Because
> the point is not security, the point is hinting to a superuser that a
> workflow they know from other systems (or an ALTER SYSTEM command they
> copied from the internet) is not the intended way to modify their
> server configuration on the system they are currently working on.
Well. Protection against superusers randomly copying ALTER SYSTEM commands
from the internet actually does turn this into a security feature =)
--
Daniel Gustafsson