Home > mailing lists

Re: pg_stat_replication security - Mailing list pgsql-hackers

From	Magnus Hagander
Subject	Re: pg_stat_replication security
Date	January 17, 2011 09:52:07
Msg-id	AANLkTi=JH0mAK64kS0PNHOaF60R=UmQ_CyF-0m115rXO@mail.gmail.com Whole thread Raw
In response to	Re: pg_stat_replication security (Josh Berkus <josh@agliodbs.com>)
Responses	Re: pg_stat_replication security (Itagaki Takahiro <itagaki.takahiro@gmail.com>)
List	pgsql-hackers

Tree view

On Sun, Jan 16, 2011 at 21:57, Josh Berkus <josh@agliodbs.com> wrote:
>
>>> I suggest instead either "superuser" or "replication" permissions.
>>
>> That's another idea.
>
> Oh, wait.  I take that back ... we're trying to encourage users NOT to
> use the "replication" user as a login, yes?

yeah.

Here's a patch that limits it to superuser only. We can't easily match
it to the user of the session given the way the walsender data is
returned - it doesn't contain the user information. But limiting it to
superuser only seems perfectly reasonable and in line with the
encouragement not to use the replication user for login.

Objections?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Attachment

stat_replication_secure.patch

pgsql-hackers by date:

From: Magnus Hagander
Date: 17 January 2011, 09:44:43
Subject: Re: walreceiver fallback_application_name

From: Joel Jacobson
Date: 17 January 2011, 10:02:03
Subject: Re: Bug in pg_describe_object, patch v2

Re: pg_stat_replication security - Mailing list pgsql-hackers

Attachment

Previous

Next