Re: Streaming replication as a separate permissions
Dave Page <dpage@pgadmin.org>
From: Dave Page <dpage@pgadmin.org>
To: Magnus Hagander <magnus@hagander.net>
Cc: Simon Riggs <simon@2ndquadrant.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-12-27T09:52:57Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Allow Win32 to compile under MinGW. Major changes are:
- 12c942383296 7.4.1 cited
On Mon, Dec 27, 2010 at 9:36 AM, Magnus Hagander <magnus@hagander.net> wrote: > Seeing logged SQL isn't - but being able to filter the logfiles on > that requires a *lot* more than just defining a security privilege. If > we mean "arbitrary log file reading", the easiest way to fix that > would be to stop checking for superuser permissions in the > read-file-function, and instead use the permissions *on the function* > to control it. In fact, that is something that we could (should?) do > for a bunch of other functions as well, so that we can in that way > provide much more granular permissions level than just blanked > assigning of privileges. That would require having users change the permissions on system objects, which seems, icky (would they even be dumped?). Given that the superuser could already create a security definer wrapper function with the privileges required, I don't think this is needed. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company