Re: Streaming replication as a separate permissions

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Florian Pflug <fgp@phlo.org>, Magnus Hagander <magnus@hagander.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-12-24T04:46:30Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Allow Win32 to compile under MinGW. Major changes are:

* Robert Haas (robertmhaas@gmail.com) wrote:
> I think I agree with Florian about the confusing-ness of the proposed
> semantics.  Aren't you saying you want NOLOGIN mean "not allowed to
> log in for the purposes of issuing SQL commands, but allowed to log in
> for replication"?  Uggh.

I like the general idea of a replication-only "role" or "login".  Maybe
implementing that as a role w/ all the things that come along with it
being a role isn't right, but we don't want to have to reinvent all the
supported auth mechanisms (and please don't propose limiting the auth
options for the replication login!).  Is there a way we can leverage the
auth mechanisms, etc, while forcing the 'replication role' to only be
able to do what a 'replication role' should do?

	Thanks,

		Stephen