On Jan10, 2011, at 23:56 , Kevin Grittner wrote:
>> The proposed GUC would suppress the monitoring in SERIALIZABLE
>> mode and avoid the new serialization failures, thereby providing
>> legacy behavior -- anomalies and all.
>
> After posting that I realized that there's no technical reason that
> such a GUC couldn't be set within each session as desired, as long
> as we disallowed changes after the first snapshot of a transaction
> was acquired. The IsolationIsSerializable() macro could be modified
> to use that along with XactIsoLevel.
From a security point of view, it seems dangerous to allow
such a GUC to be set by non-superusers. It might allow users to
e.g. circumvent some access control scheme by exploiting a race
condition that only exists without true serializability.
The risk of confusion is also much higher if such a thing can be
set per-session.
So, if we need such a GUC at all, which I'm not sure we do, I
believe it should be settable only from postgresql.conf and the
command line.
best regards,
Florian Pflug
