Re: ALTER USER SET log_* not allowed...
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Andrew McMillan <andrew@catalyst.net.nz>
Cc: Sean Chittenden <sean@chittenden.org>, Peter Eisentraut <peter_e@gmx.net>, Bruce Momjian <pgman@candle.pha.pa.us>, PGBugs List <pgsql-bugs@postgresql.org>
Date: 2004-11-10T16:41:35Z
Lists: pgsql-bugs
Andrew McMillan <andrew@catalyst.net.nz> writes: > The current functionality could be useful inside particular code paths > of an application, where you want to increase the log verbosity in a > particular part of the code, when it (unpredictably) happens, without > nuking the logs entirely. > Of course you are superuser when you review such logs, but I wouldn't > usually want the db connection from the application to have to run as > superuser if I could help it... especially not a web application. Sure. There is a workaround for that though, which is to provide a SECURITY DEFINER function for the app to call that will adjust the logging level for it, rather than trying to do the SET directly in unprivileged code. regards, tom lane