| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Streaming replication as a separate permissions |
| Date: | 2010-12-23 22:29:13 |
| Message-ID: | 29021.1293143353@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Josh Berkus <josh(at)agliodbs(dot)com> writes:
> On 12/23/10 2:21 PM, Tom Lane wrote:
>> Well, that's one laudable goal here, but "secure by default" is another
>> one that ought to be taken into consideration.
> I don't see how *not* granting the superuser replication permissions
> makes things more secure. The superuser can grant replication
> permissions to itself, so why is suspending them by default beneficial?
> I'm not following your logic here.
Well, the reverse of that is just as true: if we ship it without
replication permissions on the postgres user, people can change that if
they'd rather not create a separate role for replication. But I think
we should encourage people to NOT do it that way. Setting it up that
way by default hardly encourages use of a more secure arrangement.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2010-12-23 22:33:42 | Re: Streaming replication as a separate permissions |
| Previous Message | Andrew Dunstan | 2010-12-23 22:27:20 | Re: Cannot compile Pg 9.0.2 with MinGW under Windows |