Re: Streaming replication as a separate permissions - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: Streaming replication as a separate permissions
Date
Msg-id AANLkTinUK2eBL=MFM43cryj3LNcZOEObAgep-tO-T8j+@mail.gmail.com
Whole thread Raw
In response to Re: Streaming replication as a separate permissions  (Simon Riggs <simon@2ndQuadrant.com>)
List pgsql-hackers
On Mon, Dec 27, 2010 at 16:45, Simon Riggs <simon@2ndquadrant.com> wrote:
> On Mon, 2010-12-27 at 14:54 +0100, Magnus Hagander wrote:
>
>> You will certainly be able to log into the standby with a superuser
>> account, nobody is preventing that. This is about protecting the
>> *master*. For example, from modifications made by a user who hacked
>> the standby.
>
> The users for master and standby are identical, so if they have access
> to the standby, they have access to the master. That's why we allow
> replication to be specifically excluded by the pg_hba.conf.

You are assuming there *is* a standby.

This is a defence against someone connecting with psql (or whatever)
directly to the master, *pretending to be* the standby (same
username/password, possibly even the same server ip).

Currently, this user gets the key to the kingdom and can modify things
freely on the master. With the patch, this user cannot. He can still
initiate streaming and eventually capture all your data, but he can't
modify it.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/


pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: C++ keywords in headers (was Re: [GENERAL] #include )
Next
From: Simon Riggs
Date:
Subject: Re: Reduce lock levels for ADD and DROP COLUMN