The bottom line is that I have no problem with making this change, but I
want to be sure it is a full solution we aren't going to have to revisit
later. I don't want to make the change and then find out we rushed it
and have to make more adjustments in later releases.
Tom Lane wrote:
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > Tom Lane wrote:
> >> started because setting these variables via ALTER USER fails to work.
> > It fails to work if logging was already on and someone wants to turn it
> > off via ALTER USER, and that matches the expected behavior.
> Not if a superuser does it; superusers should be allowed to set it
> however they want. In current code a superuser can't even set it
> that way for himself, let alone for other nonprivileged users.
> You seem to define "expected behavior" as "whatever the code does now",
> but in point of fact it's got lots of deficiencies.
> > Well, you have just made the system less secure by creating that
> > function. Why didn't you create a function that has the existing
> > behavior of only allowing users to increase the log level?
> I repeat my point: I don't think DBAs actually need that. In the
> function as illustrated, I gave joe_user (and nobody else) the choice
> between 'all' and 'ddl' (and nothing else), where I suppose 'ddl' is the
> global default. This is in fact a whole lot *more* secure than the
> existing behavior, in the sense that I can constrain what's allowed a
> lot more.
> If I later decide I want 'mod' as the global default, I can alter the
> function to map it that way, and joe_user's application is entirely
> unaffected. This is *not* true if I expect joe_user's app to set the
> variable directly. He has to go change his app to conform to the new
> global default.
> >> think so. I think that in the field, people are going to have at most
> >> a couple of logging configurations they want to allow users to select,
> >> and they will use code not significantly more complex than the above.
> > Can you show me the function?
> I did.
> > You should ask on general where
> > we usually do such polls of feature changes?
> Where was the poll in which we decided that the logging variables needed
> to be secured at all? In 7.3 these variables were all plain USERSET.
> regards, tom lane
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
In response to
pgsql-patches by date
|Next:||From: Patrick B Kelly||Date: 2004-11-11 16:53:00|
|Subject: Re: multiline CSV fields|
|Previous:||From: Bruce Momjian||Date: 2004-11-11 16:08:15|
|Subject: Re: Proposed patch to remove USERLIMIT|