Re: Streaming replication as a separate permissions

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Josh Berkus <josh@agliodbs.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Magnus Hagander <magnus@hagander.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-12-23T22:29:13Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Allow Win32 to compile under MinGW. Major changes are:

Josh Berkus <josh@agliodbs.com> writes:
> On 12/23/10 2:21 PM, Tom Lane wrote:
>> Well, that's one laudable goal here, but "secure by default" is another
>> one that ought to be taken into consideration.

> I don't see how *not* granting the superuser replication permissions
> makes things more secure.  The superuser can grant replication
> permissions to itself, so why is suspending them by default beneficial?
>  I'm not following your logic here.

Well, the reverse of that is just as true: if we ship it without
replication permissions on the postgres user, people can change that if
they'd rather not create a separate role for replication.  But I think
we should encourage people to NOT do it that way.  Setting it up that
way by default hardly encourages use of a more secure arrangement.

			regards, tom lane