Skip site navigation (1) Skip section navigation (2)

Re: Streaming replication as a separate permissions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Streaming replication as a separate permissions
Date: 2010-12-23 15:15:21
Message-ID: 23446.1293117321@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> Here's a patch that changes walsender to require a special privilege
> for replication instead of relying on superuser permissions. We
> discussed this back before 9.0 was finalized, but IIRC we ran out of
> time. The motivation being that you really want to use superuser as
> little as possible - and since being a replication slave is a read
> only role, it shouldn't require the maximum permission available in
> the system.

Maybe it needn't require "max" permissions, but one of the motivations
for requiring superusernesss was to prevent Joe User from sucking every
last byte of data out of your database (and into someplace he could
examine it at leisure).  This patch opens that barn door wide, because
so far as I can see, it allows anybody at all to grant the replication
privilege ... or revoke it, thereby breaking your replication setup.
I think only superusers should be allowed to change the flag.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2010-12-23 15:26:57
Subject: Re: Why is sorting on two columns so slower thansortingon one column?
Previous:From: Kenneth MarshallDate: 2010-12-23 14:53:05
Subject: Re: Why is sorting on two columns so slowerthansortingon one column?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group