Re: [HACKERS] logical replication access control patches
| От | Peter Eisentraut |
|---|---|
| Тема | Re: [HACKERS] logical replication access control patches |
| Дата | |
| Msg-id | fcb2e71d-30fc-ec6b-70b9-7416b112803d@2ndquadrant.com обсуждение исходный текст |
| Ответ на | [HACKERS] logical replication access control patches (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>) |
| Список | pgsql-hackers |
On 3/29/17 19:01, Petr Jelinek wrote: >> So this CREATE SUBSCRIPTION priv actually gives you the power to cause >> the system to open network connections to the outside world. It's not >> something you give freely to random strangers -- should be guarded >> moderately tight, because it could be used as covert channel for data >> leaking. However, it's 1000x better than requiring superuser for >> subscription creation, so +1 for the current approach. >> > Plus on the other hand you might want to allow somebody to stream data > from another server but not necessarily allow said person to create new > objects in the database which standard CREATE privilege would allow. So > I think it makes sense to push this approach. One new concern I just thought about is that having GRANT whatever ON DATABASE would allow a database owner to assign these privileges, but a database owner is not necessarily someone highly privileged to make this decision. So I'm prepared to set this patch to returned with feedback for now. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: