Re: Possibility to disable `ALTER SYSTEM`
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Jelte Fennema-Nio <postgres@jeltef.nl>
Cc: Tom Lane <tgl@sss.pgh.pa.us>,
Heikki Linnakangas <hlinnaka@iki.fi>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>,
Bruce Momjian <bruce@momjian.us>,
Joel Jacobson <joel@compiler.org>,
Andrew Dunstan <andrew@dunslane.net>,
Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>,
Magnus Hagander <magnus.hagander@redpill-linpro.com>,
Maciek Sakrejda <m.sakrejda@gmail.com>,
Robert Haas <robertmhaas@gmail.com>
Date: 2024-03-19T17:56:08Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Add allow_alter_system GUC.
- d3ae2a24f265 17.0 landed
-
Rename COMPAT_OPTIONS_CLIENT to COMPAT_OPTIONS_OTHER.
- de7e96bd0fc6 17.0 landed
-
Remove support for version-0 calling conventions.
- 5ded4bd21403 10.0 cited
> On 19 Mar 2024, at 17:53, Jelte Fennema-Nio <postgres@jeltef.nl> wrote: > > On Tue, 19 Mar 2024 at 17:05, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> I've said this repeatedly: it's not enough. The only reason we need >> any feature whatsoever is that somebody doesn't trust their database >> superusers to not try to modify the configuration. > > And as everyone else on this thread has said: It is enough. Because > the point is not security, the point is hinting to a superuser that a > workflow they know from other systems (or an ALTER SYSTEM command they > copied from the internet) is not the intended way to modify their > server configuration on the system they are currently working on. Well. Protection against superusers randomly copying ALTER SYSTEM commands from the internet actually does turn this into a security feature =) -- Daniel Gustafsson