Re: Function to kill backend
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Andrew Dunstan <andrew@dunslane.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2004-04-03T03:55:21Z
Lists: pgsql-hackers
Bruce Momjian <pgman@candle.pha.pa.us> writes: > Seems like useful functionality. Right now, how does an administrator > kill another backend from psql? They can't. The question to ask is "should they be able to?" I think any such facility is inherently a security risk, since it means that a remote attacker who's managed to break into your superuser account can randomly zap other backends. Now admittedly there's plenty of other mischief he can do with superuser privs, but that doesn't mean we should hand him a pre-loaded, pre-sighted cannon. Having to log into the database server locally to execute such operations doesn't seem that bad to me. regards, tom lane