Re: proposal: only superuser can change customized_options

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Pavel Stehule" <pavel(dot)stehule(at)hotmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: proposal: only superuser can change customized_options
Date: 2007-02-02 16:40:10
Message-ID: 6976.1170434410@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

"Pavel Stehule" <pavel(dot)stehule(at)hotmail(dot)com> writes:
> I want to use custmized option for security configuration one contrib
> library. Currently customized options are usable only for default
> configuration, because everybody can change it. It is substitution of global
> variables.
> Decision if option is protected or not can be based on name of option.

I dislike making it depend on spelling. There was discussion of this
problem before, and we had a much saner answer: when the module that
defines the variable gets loaded, discard any local setting if the
correct protection level of the variable is SUSET or higher. See the
archives.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andrew Sullivan 2007-02-02 16:46:38 Re: "May", "can", "might"
Previous Message Tom Lane 2007-02-02 16:37:13 Re: Function proposal to find the type of a datum