On 16/3/26 22:01, Andrei Lepikhov wrote:
> On 16/3/26 20:28, Jack Bonatakis wrote:
>> On Mon, Mar 16, 2026, at 2:08 PM, Andrei Lepikhov wrote:
>>> I believe the pg_readonly [1] extension does what you're looking for, so
>>> you might want to give it a try.
>> Please correct me if I am mistaken, but it looks like pg_readonly
>> operates at the database or cluster level.
Take a look at the [1] project. It's a simpler version of [2] that
always switches to read-only mode.
To use it, just have your connection pooler load the 'safesession'
module. This will keep the session in read-only mode until it ends.
There are no GUCs, and there is no way to change the mode, even for a
superuser. Does this seem safe enough?
We could improve it by restricting manual calls to specific utility
operations, such as VACUUM or REINDEX. However, we would need some
specifications first.
[1] https://github.com/danolivo/safesession/
[2] https://github.com/pierreforstmann/pg_readonly
--
regards, Andrei Lepikhov,
pgEdge
