Home > mailing lists

Re: security labels on databases are bad for dump & restore - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: security labels on databases are bad for dump & restore
Date	July 28, 2015 22:03:09
Msg-id	20150728190301.GE4726@alap3.anarazel.de Whole thread Raw
In response to	Re: security labels on databases are bad for dump & restore (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: security labels on databases are bad for dump & restore
List	pgsql-hackers

Tree view

On 2015-07-28 14:58:26 -0400, Robert Haas wrote:
> Yes, I think we should make restoring the database's properties the
> job of pg_dump and remove it completely from pg_dumpall, unless we can
> find a case where that's really going to break things.

CREATE DATABASE blarg;
SECURITY LABEL ON blarg IS 'noaccess';
ALTER DATABASE blarg SET default_tablespace = space_with_storage;
pg_restore
-> SECURITY LABEL ON blarg IS 'allow_access';
-> ALTER DATABASE blarg SET default_tablespace = space_without_storage;

That's probably not sufficient reasons not to go that way, but I do
think there's a bunch more issues like that.

At the very least all these need to be emitted as ALTER DATABASE
current_database ... et al. Otherwise it's impossible to rename
databases, which definitely would not be ok.

Andres

pgsql-hackers by date:

From: Stephen Frost
Date: 28 July 2015, 22:02:25
Subject: Re: security labels on databases are bad for dump & restore

From: Robert Haas
Date: 28 July 2015, 22:05:05
Subject: Re: security labels on databases are bad for dump & restore

Re: security labels on databases are bad for dump & restore - Mailing list pgsql-hackers

Previous

Next