Re: Streaming replication as a separate permissions
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Magnus Hagander <magnus@hagander.net>
Cc: Robert Haas <robertmhaas@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-12-23T20:34:33Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Allow Win32 to compile under MinGW. Major changes are:
- 12c942383296 7.4.1 cited
Magnus Hagander <magnus@hagander.net> writes: > On Thu, Dec 23, 2010 at 16:57, Robert Haas <robertmhaas@gmail.com> wrote: >> On Thu, Dec 23, 2010 at 10:54 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: >>> I don't particularly mind breaking that. If we leave it as-is, we'll >>> be encouraging people to use superuser accounts for things that don't >>> need that, which can't be good from a security standpoint. >> And if we break it, we'll be adding an additional, mandatory step to >> make replication work that isn't required today. You might think >> that's OK, but I think the majority opinion is that it's already >> excessively complex. > Most of the people I run across in the real world are rather surprised > how *easy* it is to set up, and not how complex. And tbh, the only > complexity complaints I've heard there are about the requirement to > start/backup/stop to get it up and running. I've always told everybody > to create a separate account to do it, and not heard a single comment > about that. FWIW, it seems unreasonable to me to expect that we will not be breaking any part of a 9.0 replication configuration over the next release or two. We *knew* we were shipping a rough version that would require refinements, and this is one of the planned refinements. > That said, how about a compromise in that we add the replication flag > by default to the initial superuser when it's created? That way, it's > at least possible to remove it if you want to. Would that address your > complexity concern? It does nothing to address my security concern. I want to discourage people from using superuser accounts for this, full stop. regards, tom lane