On 06/04/2013 10:25 AM, Tom Lane wrote:
>> > What wolud work best for us is to allow this path to be configurable,
>> > ideally through either an environment variable, command line switch, or
>> > (and this is the least desirable) a postgresql.conf option.
> Basically, none of those are likely to get accepted because of security
> concerns. We *don't* want this path to be run-time adjustable.
Really? I don't see a security concern in having a postgresql.conf
option which requires a full restart. If the user can edit
postgresql.conf and do a cold restart, presumably they can do anything
they want anyway.
If SET PERSISTENT gets into 9.4, then we might need to restrict it from
setting certain settings, like this one. But until that feature is
real, I don't see the potential expliot here.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
