Re: ALTER SYSTEM vs symlink - Mailing list pgsql-hackers

From Joe Conway
Subject Re: ALTER SYSTEM vs symlink
Date
Msg-id 5637A061.807@joeconway.com
Whole thread Raw
In response to Re: ALTER SYSTEM vs symlink  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
On 11/02/2015 09:24 AM, Stephen Frost wrote:
> I certainly look forward to having more fine grained control, to the
> point where I'd like to be able to run a system reasonably without an
> active superuser login.  Having superusers logging into production
> running databases is extremely dangerous.  What I have seen happening,
> in multiple organizations, is a move to proxy everything going to the
> database through some other system which attempts to vet and verify that
> the action is acceptable (this also happens to offer up much better
> auditing than what we have today).

I've seen this *repeatedly* in the past few years as well.

> I feel confident that we can provide a better solution than those proxy-based approaches.

+1

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: WIP: Rework access method interface
Next
From: Alvaro Herrera
Date:
Subject: Re: WIP: Rework access method interface