On Mon, Aug 5, 2013 at 03:53:01PM -0400, Alvaro Herrera wrote:
> The other issue is that currently you can only edit a server's config if
> you are logged in to it. If we permit SQL-level access to that, and
> somebody who doesn't have access to edit the files blocks themselves
> out, there is no way for them to get a working system *at all*.
Well, if we want to give the administrator a way to disable honoring any
previously-defined ALTER SYSTEM SET commands, how would they do that
without OS access? By definition, they can't connect via SQL, so what
would the API be?
Also, even if they could do it remotely, if they previously set
listen_addresses via ALTER SYSTEM SET, and we then disable all ALTER
SYSTEM SET settings, they still can't access the system because by
default Postgres will only listen on local sockets.
In summary, the SQL interface to configuration parameters is a
convenience, but I don't think it is ever going to be something that can
replace full file system access --- that is not a limitation of the
implemention of ALTER SYSTEM SET, but just something that is impossible.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ It's impossible for everything to be true. +