Re: On login trigger: take three

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Greg Nancarrow <gregn4422(at)gmail(dot)com>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, Konstantin Knizhnik <k(dot)knizhnik(at)postgrespro(dot)ru>, vignesh C <vignesh21(at)gmail(dot)com>, Ivan Panchenko <wao(at)mail(dot)ru>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>
Subject: Re: On login trigger: take three
Date: 2021-09-08 14:02:36
Message-ID: CAFj8pRAwFnPQSOiP9b+rW_Mj5yE8sM-keYB_09DTtZz-8MyvBA@mail.gmail.com
Lists: pgsql-hackers

Hi

> + {"enable_client_connection_trigger", PGC_SU_BACKEND,
> DEVELOPER_OPTIONS,
> + gettext_noop("Enables the client_connection event
> trigger."),
> + gettext_noop("In case of errors in the ON
> client_connection EVENT TRIGGER procedure, "
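Review bot: In the GUC entry, `DEVELOPER_OPTIONS` looks like the wrong group for `enable_client_connection_trigger`, since the long description presents the setting as the way out when the ON client_connection trigger procedure raises errors, which is an operational recovery switch rather than a debugging aid. With `PGC_SU_BACKEND` it can also only be set by a superuser at connection start, so the description or the docs should say who can use it and how, or the group and context should be reconsidered.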
> ..and..
> + /*
> + * Try to ignore error for superuser to make it possible to login
> even in case of errors
> + * during trigger execution
> + */
> + if (!is_superuser)
> + PG_RE_THROW();
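Review bot: In the error path, `if (!is_superuser) PG_RE_THROW();` lets a superuser session continue after the trigger has failed, and the lines shown report nothing when that happens. If the bypass stays, emit the swallowed error to the client and the server log (for example as a WARNING) so that a login which skipped the trigger's checks leaves a trace, and confirm that the error state is cleaned up before execution continues. The comment should also state which notion of superuser `is_superuser` means here, and be rewrapped to the usual line width.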
> This patch adds two ways for superusers to bypass this event trigger in
> case of it being faulty, but for every other event trigger we've
> documented to restart in single-user mode and fix it there. Why does
> this need to be different?
> This clearly has a bigger chance of being a footgun but I don't see that
> as a reason to add a GUC and a bypass that other footguns lack.

At the time when event triggers were introduced, managed services were not
as widely used as they are now. When we discussed this feature we thought about
environments where users have no superuser rights and have no possibility to
go to single mode.

Personally, I prefer to introduce some bypassing for event triggers instead
of removing the bypass from login triggers.

Regards

Pavel
