Re: ALTER USER SET log_* not allowed...

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Andrew McMillan <andrew@catalyst.net.nz>
Cc: Sean Chittenden <sean@chittenden.org>, Peter Eisentraut <peter_e@gmx.net>, Bruce Momjian <pgman@candle.pha.pa.us>, PGBugs List <pgsql-bugs@postgresql.org>
Date: 2004-11-10T16:41:35Z
Lists: pgsql-bugs
Andrew McMillan <andrew@catalyst.net.nz> writes:
> The current functionality could be useful inside particular code paths
> of an application, where you want to increase the log verbosity in a
> particular part of the code, when it (unpredictably) happens, without
> nuking the logs entirely.
> Of course you are superuser when you review such logs, but I wouldn't
> usually want the db connection from the application to have to run as
> superuser if I could help it...  especially not a web application.

Sure.  There is a workaround for that though, which is to provide a
SECURITY DEFINER function for the app to call that will adjust the
logging level for it, rather than trying to do the SET directly in
unprivileged code.

			regards, tom lane