Re: Streaming replication as a separate permissions - Mailing list pgsql-hackers

From Josh Berkus
Subject Re: Streaming replication as a separate permissions
Date
Msg-id 4D13CC21.5030206@agliodbs.com
In response to Re: Streaming replication as a separate permissions  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Streaming replication as a separate permissions  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: Streaming replication as a separate permissions  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
On 12/23/10 2:21 PM, Tom Lane wrote:
> Josh Berkus <josh@agliodbs.com> writes:
>> If we still make it possible for "postgres" to replicate, then we don't
>> add any complexity to the simplest setup.
> 
> Well, that's one laudable goal here, but "secure by default" is another
> one that ought to be taken into consideration.

I don't see how *not* granting the superuser replication permissions
makes things more secure.  The superuser can grant replication
permissions to itself, so why is suspending them by default beneficial?
I'm not following your logic here.

--
                                  -- Josh Berkus
                                     PostgreSQL Experts Inc.
                                     http://www.pgexperts.com
 

