Re: Possibility to disable `ALTER SYSTEM`
Jelte Fennema-Nio <postgres@jeltef.nl>
From: Jelte Fennema-Nio <postgres@jeltef.nl>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Heikki Linnakangas <hlinnaka@iki.fi>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Daniel Gustafsson <daniel@yesql.se>, Bruce Momjian <bruce@momjian.us>,
Joel Jacobson <joel@compiler.org>, Andrew Dunstan <andrew@dunslane.net>, Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>, Magnus Hagander <magnus.hagander@redpill-linpro.com>,
Maciek Sakrejda <m.sakrejda@gmail.com>, Robert Haas <robertmhaas@gmail.com>
Date: 2024-03-19T16:53:59Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Add allow_alter_system GUC.
- d3ae2a24f265 17.0 landed
-
Rename COMPAT_OPTIONS_CLIENT to COMPAT_OPTIONS_OTHER.
- de7e96bd0fc6 17.0 landed
-
Remove support for version-0 calling conventions.
- 5ded4bd21403 10.0 cited
On Tue, 19 Mar 2024 at 17:05, Tom Lane <tgl@sss.pgh.pa.us> wrote: > I've said this repeatedly: it's not enough. The only reason we need > any feature whatsoever is that somebody doesn't trust their database > superusers to not try to modify the configuration. And as everyone else on this thread has said: It is enough. Because the point is not security, the point is hinting to a superuser that a workflow they know from other systems (or an ALTER SYSTEM command they copied from the internet) is not the intended way to modify their server configuration on the system they are currently working on. I feel like the docs and error message in the current active patch are very clear on that. If you think they are not clear, feel free to suggest what could clarify the intent of this feature. But at this point, it's really starting to seem to me like you're willingly trying to interpret this feature as a thing that it is not (i.e. a security feature).