| From: | Ronan Dunklau <ronan(dot)dunklau(at)aiven(dot)io> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com> |
| Subject: | Re: Non-superuser subscription owners |
| Date: | 2021-10-25 07:26:30 |
| Message-ID: | 4682671.GXAFRqVoOG@aivenronan |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Le mercredi 20 octobre 2021, 20:40:39 CEST Mark Dilger a écrit :
> These patches have been split off the now deprecated monolithic "Delegating
> superuser tasks to new security roles" thread at [1].
>
> The purpose of these patches is to allow non-superuser subscription owners
> without risk of them overwriting tables they lack privilege to write
> directly. This both allows subscriptions to be managed by non-superusers,
> and protects servers with subscriptions from malicious activity on the
> publisher side.
Thank you Mark for splitting this.
This patch looks good to me, and provides both better security (by closing the
"dropping superuser role" loophole) and usefule features.
--
Ronan Dunklau
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2021-10-25 07:40:10 | Re: pg_receivewal starting position |
| Previous Message | Ronan Dunklau | 2021-10-25 07:16:16 | Re: pg_receivewal starting position |