Re: Streaming replication as a separate permissions
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Magnus Hagander <magnus@hagander.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-12-23T15:54:41Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Allow Win32 to compile under MinGW. Major changes are:
- 12c942383296 7.4.1 cited
Robert Haas <robertmhaas@gmail.com> writes: > I haven't looked at the patch yet, but I think we should continue to > allow superuser-ness to be *sufficient* for replication - i.e. > superusers will automatically have the replication privilege just as > they do any other - and merely allow this as an option for when you > want to avoid doing it that way. I don't particularly mind breaking that. If we leave it as-is, we'll be encouraging people to use superuser accounts for things that don't need that, which can't be good from a security standpoint. BTW, is it possible to set things up so that a REPLICATION account can be NOLOGIN, thereby making it really hard to abuse for other purposes? Or does the login privilege check come too soon? regards, tom lane