Re: Cross-backend signals and administration (Was: Re: pg_terminate_backend for same-role) - Mailing list pgsql-hackers

From Kevin Grittner
Subject Re: Cross-backend signals and administration (Was: Re: pg_terminate_backend for same-role)
Date
Msg-id 4F71CB480200002500046714@gw.wicourts.gov
In response to Re: Cross-backend signals and administration (Was: Re: pg_terminate_backend for same-role)  (Andres Freund <andres@anarazel.de>)
Responses Re: Cross-backend signals and administration (Was: Re: pg_terminate_backend for same-role)  (Andrew Dunstan <andrew@dunslane.net>)
Re: Cross-backend signals and administration (Was: Re: pg_terminate_backend for same-role)  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Andres Freund <andres@anarazel.de> wrote:
> On Tuesday, March 27, 2012 07:51:59 PM Kevin Grittner wrote:
>>> Well, I guess if you have different people sharing the same
>>> user-ID, you probably wouldn't want that.
>>
>> As Tom pointed out, if there's another person sharing the user ID
>> you're using, and you don't trust them, their ability to cancel
>> your session is likely way down the list of concerns you should
>> have.
> Hm. I don't think that is an entirely valid argumentation. The
> same user could have entirely different databases. They even could
> have distinct access control via the client's IP.
> I have seen the same cluster being used for prod/test instances at
> smaller shops several times.
>
> Whether that's a valid use case I have no idea.

Well, that does sort of leave an arguable vulnerability.  Should the
same user only be allowed to kill the process from a connection to
the same database?
-Kevin

