Re: Streaming replication as a separate permissions
| От | Tom Lane |
|---|---|
| Тема | Re: Streaming replication as a separate permissions |
| Дата | |
| Msg-id | 24024.1293119681@sss.pgh.pa.us обсуждение |
| Ответ на | Re: Streaming replication as a separate permissions (Robert Haas <robertmhaas@gmail.com>) |
| Ответы |
Re: Streaming replication as a separate permissions
Re: Streaming replication as a separate permissions |
| Список | pgsql-hackers |
Robert Haas <robertmhaas@gmail.com> writes:
> I haven't looked at the patch yet, but I think we should continue to
> allow superuser-ness to be *sufficient* for replication - i.e.
> superusers will automatically have the replication privilege just as
> they do any other - and merely allow this as an option for when you
> want to avoid doing it that way.
I don't particularly mind breaking that. If we leave it as-is, we'll
be encouraging people to use superuser accounts for things that don't
need that, which can't be good from a security standpoint.
BTW, is it possible to set things up so that a REPLICATION account
can be NOLOGIN, thereby making it really hard to abuse for other
purposes? Or does the login privilege check come too soon?
regards, tom lane
В списке pgsql-hackers по дате отправления: