Thread: ALTER DATABASE and datallowconn

ALTER DATABASE and datallowconn

From
Magnus Hagander
Date:
Is there a particular reason we don't have an ALTER DATABASE switch
that controls the datallowconn, or is it just something "missed out"?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/


Re: ALTER DATABASE and datallowconn

From
Simon Riggs
Date:
On Thu, May 3, 2012 at 1:31 PM, Magnus Hagander <magnus@hagander.net> wrote:

> Is there a particular reason we don't have an ALTER DATABASE switch
> that controls the datallowconn, or is it just something "missed out"?

I think it can be removed, or rather deprecated.

datconnlimit can be set to 0

If we need to special case template0 then we should just do that. No
need to add a column to do it.

--
 Simon Riggs                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services


Re: ALTER DATABASE and datallowconn

From
Magnus Hagander
Date:
On Thu, May 3, 2012 at 2:48 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
> On Thu, May 3, 2012 at 1:31 PM, Magnus Hagander <magnus@hagander.net> wrote:
>
>> Is there a particular reason we don't have an ALTER DATABASE switch
>> that controls the datallowconn, or is it just something "missed out"?
>
> I think it can be removed, or rather deprecated.
>
> datconnlimit can be set to 0

superusers bypass datconnlimit, but not datallowconn, don't they?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/


Re: ALTER DATABASE and datallowconn

From
Tom Lane
Date:
Magnus Hagander <magnus@hagander.net> writes:
> Is there a particular reason we don't have an ALTER DATABASE switch
> that controls the datallowconn, or is it just something "missed out"?

It was never intended to be a user-accessible switch, just something to
protect template0.

I don't agree with Simon's proposal to hard-wire protection for
template0 instead; that's ugly, and sometimes you do need to be able to
turn it off.  But that's something that should be done only with adult
supervision, so having a nice friendly ALTER DATABASE command for it
seems exactly the wrong thing.
        regards, tom lane


Re: ALTER DATABASE and datallowconn

From
Magnus Hagander
Date:
On Thu, May 3, 2012 at 4:13 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> Is there a particular reason we don't have an ALTER DATABASE switch
>> that controls the datallowconn, or is it just something "missed out"?
>
> It was never intended to be a user-accessible switch, just something to
> protect template0.

It can be rather useful for others as well, though - since it works as
a defense against superusers doing the wrong thing..


> I don't agree with Simon's proposal to hard-wire protection for
> template0 instead; that's ugly, and sometimes you do need to be able to
> turn it off.  But that's something that should be done only with adult
> supervision, so having a nice friendly ALTER DATABASE command for it
> seems exactly the wrong thing.

Yeah, I agree that from the perspective of template0, it definitely
looks that way.


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/


Re: ALTER DATABASE and datallowconn

From
Tom Lane
Date:
Magnus Hagander <magnus@hagander.net> writes:
> On Thu, May 3, 2012 at 4:13 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Magnus Hagander <magnus@hagander.net> writes:
>>> Is there a particular reason we don't have an ALTER DATABASE switch
>>> that controls the datallowconn, or is it just something "missed out"?

>> It was never intended to be a user-accessible switch, just something to
>> protect template0.

> It can be rather useful for others as well, though - since it works as
> a defense against superusers doing the wrong thing..

I'm having a hard time seeing the use-case for a user-created database
that nobody at all can connect to.  Even if there is some marginal use
for that, you could achieve the result with a special entry in
pg_hba.conf to "reject" all connection attempts for that DB.
        regards, tom lane


Re: ALTER DATABASE and datallowconn

From
Magnus Hagander
Date:
On Thu, May 3, 2012 at 4:26 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> On Thu, May 3, 2012 at 4:13 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> Magnus Hagander <magnus@hagander.net> writes:
>>>> Is there a particular reason we don't have an ALTER DATABASE switch
>>>> that controls the datallowconn, or is it just something "missed out"?
>
>>> It was never intended to be a user-accessible switch, just something to
>>> protect template0.
>
>> It can be rather useful for others as well, though - since it works as
>> a defense against superusers doing the wrong thing..
>
> I'm having a hard time seeing the use-case for a user-created database
> that nobody at all can connect to.  Even if there is some marginal use

template databases.

> for that, you could achieve the result with a special entry in
> pg_hba.conf to "reject" all connection attempts for that DB.

Yeah, that would work.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
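
The pg_hba.conf "reject" approach the thread ends on depends on rule order, because the server uses the first matching record and does not fall through. The following is an added example, not code from the thread or from PostgreSQL: it scans a constructed pg_hba.conf for non-reject rules that can still admit connections to a database. The database name `archive_db` and the function names are hypothetical, and the parser assumes unquoted fields with keyword or CIDR addresses.

```python
# Added example, not from the thread. Simplified pg_hba.conf model:
# no quoting, no @file lists, no regexes, no include directives.
SAMPLE_HBA = """\
# constructed sample: the local reject comes too late
local   all         postgres                peer
host    archive_db  all       all           reject
host    all         all       10.0.0.0/8    scram-sha-256
local   archive_db  all                     reject
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
# Database keywords that may match any database name.
WILDCARD_DBS = {"all", "sameuser", "samerole", "samegroup"}

def parse(hba_text):
    """Yield (lineno, type, dbs, users, address, method) for each rule."""
    for lineno, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "local":
            address, method = None, fields[3]
        elif len(fields) >= 5 and fields[0] in HOST_TYPES:
            address, method = fields[3], fields[4]
        else:
            continue  # comment, blank line or unsupported record
        yield (lineno, fields[0], fields[1].split(","),
               fields[2].split(","), address, method)

def admitting_rules(hba_text, dbname):
    """Line numbers of non-reject rules that can still match dbname."""
    blocked_local = blocked_host = False
    hits = []
    for lineno, ctype, dbs, users, address, method in parse(hba_text):
        is_local = ctype == "local"
        if method == "reject":
            # Only a blanket reject (every user, every address) is
            # treated as shadowing later rules; narrower ones are ignored.
            if (dbname in dbs or "all" in dbs) and "all" in users:
                if is_local:
                    blocked_local = True
                elif ctype == "host" and address == "all":
                    blocked_host = True
            continue
        if dbname not in dbs and not WILDCARD_DBS & set(dbs):
            continue
        if not (blocked_local if is_local else blocked_host):
            hits.append(lineno)
    return hits

if __name__ == "__main__":
    print(admitting_rules(SAMPLE_HBA, "archive_db"))
```

The check is conservative: a rule shadowed only by narrower reject lines is still reported, so an empty result means every matching rule sits behind a blanket reject for its connection type.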