| From: | "Fernando Moreno" <azazel(dot)7(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL <pgsql-general(at)postgresql(dot)org> |
| Subject: | backup and permissions |
| Date: | 2008-11-14 00:30:28 |
| Message-ID: | b1c45530811131630u254ca21bv1468b07403626b9e@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi, I'm working on a little backup utility for a desktop application. It's
going to execute pg_dumpall (-r) and pg_dump, but first I have to deal with
the permissions needed to do that:
1. Users (pgsql roles) enabled to backup would be superusers all the time.
This sounds insecure.
2. Users will get superuser access through a security definer function just
before the backup, then they'll be nosuperuser again. An interrupted backup
process would be dangerous, but I could check whether or not this clause is
enabled, every time a user connects. Still risky.
3. Users will just be able to read every object in the database, and
pg_authid. I've done some tests and this seems enough.
I need some advice to choose the better/safer option, what would you do?
Thanks in advance.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Eus | 2008-11-14 02:39:47 | Re: how to "group" several records with same timestamp into one line? |
| Previous Message | Scott Marlowe | 2008-11-14 00:30:18 | Re: vacuum output question |