| From: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Andrey Borodin <x4mmm(at)yandex-team(dot)ru>, Евгений Ефимкин <efimkin(at)yandex-team(dot)ru>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Connection limit doesn't work for superuser |
| Date: | 2018-11-07 16:32:48 |
| Message-ID: | 277e50c1-152f-e8d9-4f73-0481f95427ad@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 11/7/18 5:19 PM, Tom Lane wrote:
>
> ...
>
> I think this proposal boils down to asking for support for an
> incredibly bad application design, and equipping every database with
> an additional foot-gun in order to have that.
>
I'm not sure about that. IMHO being able to restrict the number of
superuser connections can be used to force users to use regular
(non-superuser) roles for stuff that does not require that. Which should
encourage better application design.
Of course, the question is whether such limit can actually be enforced
reliably (I mean, can't the superuser simply change it?) and whether
handing over superuser accounts to application users is a good idea in
general ...
regards
--
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2018-11-07 16:33:59 | Re: Fedora 29 vs linux collation tests |
| Previous Message | Alvaro Herrera | 2018-11-07 16:25:01 | Re: ATTACH/DETACH PARTITION CONCURRENTLY |