Re: pg_stat_replication security
Magnus Hagander <magnus@hagander.net>
From: Magnus Hagander <magnus@hagander.net>
To: Josh Berkus <josh@agliodbs.com>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2011-01-17T10:51:45Z
Lists: pgsql-hackers
Attachments
- stat_replication_secure.patch (text/x-patch) patch
On Sun, Jan 16, 2011 at 21:57, Josh Berkus <josh@agliodbs.com> wrote: > >>> I suggest instead either "superuser" or "replication" permissions. >> >> That's another idea. > > Oh, wait. I take that back ... we're trying to encourage users NOT to > use the "replication" user as a login, yes? yeah. Here's a patch that limits it to superuser only. We can't easily match it to the user of the session given the way the walsender data is returned - it doesn't contain the user information. But limiting it to superuser only seems perfectly reasonable and in line with the encouragement not to use the replication user for login. Objections? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/