| From: | Andrei Lepikhov <lepihov(at)gmail(dot)com> |
|---|---|
| To: | Jack Bonatakis <jack(at)bonatak(dot)is>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Bruce Momjian <bruce(dot)momjian(at)enterprisedb(dot)com>, Andres Freund <andres(at)anarazel(dot)de> |
| Subject: | Re: Read-only connection mode for AI workflows. |
| Date: | 2026-03-19 07:44:15 |
| Message-ID: | 7f6e0ff9-05e9-4664-9c71-d9dd744362b9@gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 16/3/26 22:01, Andrei Lepikhov wrote:
> On 16/3/26 20:28, Jack Bonatakis wrote:
>> On Mon, Mar 16, 2026, at 2:08 PM, Andrei Lepikhov wrote:
>>> I believe the pg_readonly [1] extension does what you're looking for, so
>>> you might want to give it a try.
>> Please correct me if I am mistaken, but it looks like pg_readonly
>> operates at the database or cluster level.
Take a look at the [1] project. It's a simpler version of [2] that
always switches to read-only mode.
To use it, just have your connection pooler load the 'safesession'
module. This will keep the session in read-only mode until it ends.
There are no GUCs, and there is no way to change the mode, even for a
superuser. Does this seem safe enough?
We could improve it by restricting manual calls to specific utility
operations, such as VACUUM or REINDEX. However, we would need some
specifications first.
[1] https://github.com/danolivo/safesession/
[2] https://github.com/pierreforstmann/pg_readonly
--
regards, Andrei Lepikhov,
pgEdge
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2026-03-19 07:53:13 | Re: Read-only connection mode for AI workflows. |
| Previous Message | Lukas Fittl | 2026-03-19 07:15:07 | Re: [PATCH] Optionally record Plan IDs to track plan changes for a query |