Re: Streaming replication as a separate permissions
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Magnus Hagander <magnus@hagander.net>
Cc: Stephen Frost <sfrost@snowman.net>, Robert Haas <robertmhaas@gmail.com>, Florian Pflug <fgp@phlo.org>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-12-27T15:33:53Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Allow Win32 to compile under MinGW. Major changes are:
- 12c942383296 7.4.1 cited
Magnus Hagander <magnus@hagander.net> writes: > On Mon, Dec 27, 2010 at 10:53, Magnus Hagander <magnus@hagander.net> wrote: >> We could quite easily make a replication role *never* be able to >> connect to a non-walsender backend. That would mean that if you set >> your role to WITH REPLICATION, it can *only* be used for replication >> and nothing else (well, you could still SET ROLE to it, but given that >> it's not a superuser (anymore), that doesn't have any security >> implications. > Actually, having implemented that and tested it, I realize that's a > pretty bad idea. OK, so if we're not going to recommend that REPLICATION roles be NOLOGIN, we're back to the original question: should the REPLICATION bit give any other special privileges? I can see the point of allowing such a user to issue pg_start_backup and pg_stop_backup. regards, tom lane