| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allow cluster owner to bypass authentication |
| Date: | 2019-12-18 14:09:25 |
| Message-ID: | CA+TgmobdH+Ptp=KtvZyv2x9+ChOgEZLoyr3uM-OzKkGxbMmyyw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Dec 17, 2019 at 5:27 AM Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> I realize that there are a number of facilities nowadays to do enhanced
> security setups. But let's consider what 99% of users are using. If
> the database server runs as user X and you are logged in as user X, you
> should be able to manage the database server that is running as user X
> without further restrictions. Anything else would call into question
> the entire security model that postgres is built around. But also,
> there is an option to turn this off in my patch, if you really have the
> need.
I feel like this is taking a policy decision that properly belongs in
pg_hba.conf and making it into a GUC. If you're introducing a GUC
because it's not possible to configure the behavior that you want in
pg_hba.conf, then I think the solution to that is to enhance
pg_hba.conf so that it can support the behavior you want to configure.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-12-18 14:14:25 | Re: jacana seems to be failing in recoverycheck from last few runs |
| Previous Message | Tom Lane | 2019-12-18 14:06:04 | Re: Read Uncommitted |