Andrew McMillan wrote:
-- Start of PGP signed section.
> On Tue, 2004-11-09 at 13:58 -0500, Tom Lane wrote:
> >
> > Bruce and I were chatting about this on the phone today, and we were
> > seriously considering a more radical proposal: get rid of the whole
> > concept of USERLIMIT variables, and make the logging variables be plain
> > SUSET (ie, only superusers can change 'em). This would eliminate the
> > current ability of a non-superuser to increase the logging verbosity
> > of his session, but it's not real clear that that's such a good idea
> > anyway. (Cranking the log verbosity up far past what the DBA wants
> > could be seen as a primitive form of DOS attack; and anyway, if you are
> > not a superuser then you can't see what's in the log, so why should
> > you care what the verbosity is, much less be able to affect it?) Given
> > the code complexity of the USERLIMIT stuff and the number of bugs
> > already found in it, getting rid of it seems awfully attractive.
>
> The current functionality could be useful inside particular code paths
> of an application, where you want to increase the log verbosity in a
> particular part of the code, when it (unpredictably) happens, without
> nuking the logs entirely.
>
> Of course you are superuser when you review such logs, but I wouldn't
> usually want the db connection from the application to have to run as
> superuser if I could help it... especially not a web application.
As much as I would like the URERLIMIT hacks removed for 8.0 I am thinking
we are too far along in release and don't have enough time to figure out
how to do the security definer function cleanly. I am thinking we
should wait for 8.1 and maybe have the USERLIMIT capability integrated
intot a security definer capability function we ship with our code.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073