From: | Dave Page <dpage(at)pgadmin(dot)org> |
---|---|
To: | Mark Dilger <hornschnorter(at)gmail(dot)com> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Monitoring roles patch |
Date: | 2017-03-28 17:58:54 |
Message-ID: | CA+OCxow3WHcG6e_+g5vZ3E=O-+BUS_X=Zw4YORMMp7dez0R=1w@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Mar 28, 2017 at 1:52 PM, Mark Dilger <hornschnorter(at)gmail(dot)com> wrote:
>
>> On Mar 28, 2017, at 9:55 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>>
>> On Tue, Mar 28, 2017 at 12:47 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>>> I don't see any precedent in the code for having a hardcoded role, other than
>>>> superuser, and allowing privileges based on a hardcoded test for membership
>>>> in that role. I'm struggling to think of all the security implications of that.
>>>
>>> This would be the first.
>>
>> Isn't pg_signal_backend an existing precedent?
>
> Sorry, I meant to say that there is no precedent for allowing access to data based
> on a hardcoded test for membership in a role other than superuser.
This doesn't allow access to data, except through monitoring of
queries that are executed (e.g. full access to pg_stat_activity) -
which you can avoid by not using the role if that's your choice.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Mark Dilger | 2017-03-28 18:06:45 | Re: Monitoring roles patch |
Previous Message | David Steele | 2017-03-28 17:57:53 | Re: Supporting huge pages on Windows |