Re: security labels on databases are bad for dump & restore

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
Subject: Re: security labels on databases are bad for dump & restore
Date: 2015-07-14 12:57:55
Message-ID: CA+Tgmoa9dS3+72fusCJ05f5_BgSp=JEsZYWsq80mh-9-8Hx4nw@mail.gmail.com
Lists: pgsql-hackers

On Fri, Jul 10, 2015 at 7:57 AM, Andres Freund <andres(at)anarazel(dot)de> wrote:
> pg_dump dumps security labels on databases. Which makes sense. The
> problem is that they're dumped including the database name.
>
> Which means that if you dump a database and restore it into a
> differently named one you'll either get a failure because the database
> does not exist, or worse you'll update the label of the wrong database.
>
> So I think we need CURRENT_DATABASE (or similar) support for security
> labels on databases.
>
> I won't have time to do anything about this anytime soon, but I think we
> should fix that at some point. Shall I put this on the todo? Or do we
> want to create an 'open items' page that's not major version specific?

I think adding it to the TODO would be great.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
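
The failure mode Andres describes can be checked for before a restore. The following is an added example, not part of the original message or of PostgreSQL itself: it scans a plain-text dump for `SECURITY LABEL ... ON DATABASE` statements and reports those that name a database other than the restore target. The function names, the sample dump and the label value are constructed for illustration.

```python
import re

# SECURITY LABEL [FOR provider] ON DATABASE name IS 'label';
# Identifiers may be double-quoted; the label may be NULL.
LABEL_RE = re.compile(
    r"""^\s*SECURITY\s+LABEL\s+
        (?:FOR\s+(?P<provider>"(?:[^"]|"")+"|\S+)\s+)?
        ON\s+DATABASE\s+
        (?P<name>"(?:[^"]|"")+"|[^\s;]+)\s+
        IS\s+(?P<label>NULL|'(?:[^']|'')*')\s*;""",
    re.IGNORECASE | re.VERBOSE | re.MULTILINE,
)

def _ident(token):
    """Normalize a SQL identifier: unquote if quoted, else fold to lower case."""
    if token.startswith('"'):
        return token[1:-1].replace('""', '"')
    return token.lower()

def database_labels(dump_sql):
    """Return (database, provider, label) for each database-level label."""
    rows = []
    for m in LABEL_RE.finditer(dump_sql):
        provider = _ident(m.group("provider")) if m.group("provider") else None
        rows.append((_ident(m.group("name")), provider, m.group("label")))
    return rows

def mismatched_labels(dump_sql, target_db):
    """Labels that name a database other than the one being restored into."""
    return [row for row in database_labels(dump_sql) if row[0] != target_db]

# Constructed sample: fragment of a plain-text dump taken from a database
# named "sales". Only the first statement is a database-level label.
SAMPLE_DUMP = """\
SECURITY LABEL FOR selinux ON DATABASE sales IS 'system_u:object_r:sepgsql_db_t:s0';
SECURITY LABEL FOR selinux ON TABLE public.orders IS 'system_u:object_r:sepgsql_table_t:s0';
"""

if __name__ == "__main__":
    # Restoring into "sales_copy": the label would fail or hit another database.
    for db, provider, label in mismatched_labels(SAMPLE_DUMP, "sales_copy"):
        print(f"provider {provider}: label {label} targets database {db!r}")
```

This only covers plain-text dumps; a custom-format archive would first need to be converted to SQL text.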
