Re: Streaming replication as a separate permissions
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Florian Pflug <fgp@phlo.org>
Cc: Robert Haas <robertmhaas@gmail.com>,
Magnus Hagander <magnus@hagander.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-12-24T03:16:18Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Allow Win32 to compile under MinGW. Major changes are:
- 12c942383296 7.4.1 cited
Florian Pflug <fgp@phlo.org> writes: > On Dec23, 2010, at 16:54 , Tom Lane wrote: >> BTW, is it possible to set things up so that a REPLICATION account >> can be NOLOGIN, thereby making it really hard to abuse for other >> purposes? Or does the login privilege check come too soon? > Please don't. This violates the principle of least surprise big time! How so? (Please note I said *can be*, not *has to be*.) The point of this is to ensure that if someone does illicitly come by the replication role's password, they can't use it to log in. They can still steal all your data, but they can't actually get into the database. I don't see why it's a bad idea to configure things that way. regards, tom lane