Re: Streaming replication as a separate permissions

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Simon Riggs <simon(at)2ndquadrant(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Streaming replication as a separate permissions
Date: 2010-12-27 15:55:11
Message-ID: AANLkTinUK2eBL=MFM43cryj3LNcZOEObAgep-tO-T8j+@mail.gmail.com
Lists: pgsql-hackers

On Mon, Dec 27, 2010 at 16:45, Simon Riggs <simon(at)2ndquadrant(dot)com> wrote:
> On Mon, 2010-12-27 at 14:54 +0100, Magnus Hagander wrote:
>
>> You will certainly be able to log into the standby with a superuser
>> account, nobody is preventing that. This is about protecting the
>> *master*. For example, from modifications made by a user who hacked
>> the standby.
>
> The users for master and standby are identical, so if they have access
> to the standby, they have access to the master. That's why we allow
> replication to be specifically excluded by the pg_hba.conf.

You are assuming there *is* a standby.

This is a defence against someone connecting with psql (or whatever)
directly to the master, *pretending to be* the standby (same
username/password, possibly even the same server ip).

Currently, this user gets the key to the kingdom and can modify things
freely on the master. With the patch, this user cannot. He can still
initiate streaming and eventually capture all your data, but he can't
modify it.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
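
An added example, not part of the original message or of the patch under discussion: a Python check that lists the pg_hba.conf replication rules a superuser role can match, which is the exposure the message describes. It assumes a server where replication is a separate role attribute (the rolreplication column of pg_roles, as in later PostgreSQL releases); the pg_hba.conf lines, role names and addresses are constructed sample data, and addresses are assumed to be in CIDR form.

```python
# Constructed sample pg_hba.conf (not taken from any real server).
SAMPLE_HBA = """\
# TYPE  DATABASE     USER          ADDRESS        METHOD
host    replication  postgres      10.0.0.5/32    md5
host    replication  standby_repl  10.0.0.5/32    md5
host    replication  all           10.0.0.0/24    md5
host    all          all           10.0.0.0/24    md5
local   replication  postgres                     peer
host    replication  old_repl      10.0.0.6/32    reject
"""

# Constructed rows in the shape of:
#   SELECT rolname, rolsuper, rolreplication FROM pg_roles;
SAMPLE_ROLES = [
    ("postgres", True, True),
    ("standby_repl", False, True),
    ("app", False, False),
]


def replication_entries(hba_text):
    """Yield (line_no, users) for non-reject rules on the replication keyword."""
    for line_no, raw in enumerate(hba_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue
        conn_type, databases, users = fields[0], fields[1], fields[2]
        # "local" rules have no ADDRESS column, so METHOD moves one field left.
        method_idx = 3 if conn_type == "local" else 4
        if len(fields) <= method_idx or fields[method_idx] == "reject":
            continue
        # Only the literal keyword matches replication connections; "all" does not.
        if "replication" in databases.split(","):
            yield line_no, users.split(",")


def audit(hba_text, roles):
    """Return [(line_no, role)] where a superuser can use a replication rule."""
    supers = {name for name, is_super, _ in roles if is_super}
    findings = []
    for line_no, users in replication_entries(hba_text):
        matched = supers if "all" in users else supers & set(users)
        findings.extend((line_no, role) for role in sorted(matched))
    return findings


if __name__ == "__main__":
    for line_no, role in audit(SAMPLE_HBA, SAMPLE_ROLES):
        print(f"pg_hba.conf line {line_no}: superuser '{role}' may open replication connections")
```

Each finding is a rule where the credentials used for streaming also carry full write access on the master; pointing the rule at a dedicated non-superuser replication role removes it.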
