| From: | Florian Pflug <fgp(at)phlo(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Streaming replication as a separate permissions |
| Date: | 2010-12-24 11:34:52 |
| Message-ID: | 4E1FCF6E-AF66-485C-8EC4-0F28C3AB12F9@phlo.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Dec24, 2010, at 05:00 , Tom Lane wrote:
> Florian Pflug <fgp(at)phlo(dot)org> writes:
>> The problem here is that you suggest NOLOGIN should mean "Not allowed
>> to issue SQL commands", which really isn't what the name "NOLOGIN"
>> conveys.
>
> No, it means "not allowed to connect".
Exactly. Which proves my point, unless you're ready to argue that
replication connections somehow don't count as "connections".
> It's possible now to issue
> commands as a NOLOGIN user, you just have to use SET ROLE to become the
> user. I think you're arguing about a design choice that was already
> made some time ago.
You've lost me, how is that an argument in your favour? I *wasn't* arguing
that NOLOGIN ought to mean "No allowed to issue SQL commands". It was what
*your* proposal of letting a role connect for replication purposes despite
a NOLOGIN flag would *make* NOLOGIN mean.
best regards,
Florian Pflug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2010-12-24 11:34:59 | Re: SQL/MED - core functionality |
| Previous Message | Shigeru HANADA | 2010-12-24 11:04:45 | Re: SQL/MED - file_fdw |