Re: ALTER USER SET log_* not allowed... - Mailing list pgsql-bugs

From Bruce Momjian
Subject Re: ALTER USER SET log_* not allowed...
Date
Msg-id 200411101653.iAAGrIS24934@candle.pha.pa.us
Whole thread Raw
In response to Re: ALTER USER SET log_* not allowed...  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: ALTER USER SET log_* not allowed...
List pgsql-bugs
Tom Lane wrote:
> Andrew McMillan <andrew@catalyst.net.nz> writes:
> > The current functionality could be useful inside particular code paths
> > of an application, where you want to increase the log verbosity in a
> > particular part of the code, when it (unpredictably) happens, without
> > nuking the logs entirely.
> > Of course you are superuser when you review such logs, but I wouldn't
> > usually want the db connection from the application to have to run as
> > superuser if I could help it...  especially not a web application.
>
> Sure.  There is a workaround for that though, which is to provide a
> SECURITY DEFINER function for the app to call that will adjust the
> logging level for it, rather than trying to do the SET directly in
> unprivileged code.

But if they go that way can it done securely, turned on and off?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

pgsql-bugs by date:

Previous
From: Tom Lane
Date:
Subject: Re: ALTER USER SET log_* not allowed...
Next
From: Tom Lane
Date:
Subject: Re: BUG #1311: Can't crosscompile