Re: Questions about the new subscription parameter: password_required - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Questions about the new subscription parameter: password_required
Date
Msg-id CA+TgmoaG3CiGPELTHByxjnwAqV15vkV+TAL7=3zt7j_7misFWw@mail.gmail.com
Whole thread Raw
In response to Questions about the new subscription parameter: password_required  (Benoit Lobréau <benoit.lobreau@dalibo.com>)
Responses Re: Questions about the new subscription parameter: password_required
List pgsql-hackers
On Thu, Sep 21, 2023 at 8:03 AM Benoit Lobréau
<benoit.lobreau@dalibo.com> wrote:
> I am confused about the new subscription parameter: password_required.
>
> I have two instances. The publisher's pg_hba is configured too allow
> connections without authentication. On the subscriber, I have an
> unprivileged user with pg_create_subscription and CREATE on the database.
>
> I tried using a superuser to create a subsciption without setting the
> password_required parameter (the default is true). Then I changed the
> owner to the unprivileged user.
>
> This user can use the subscription without limitation (including ALTER
> SUBSCRIPTION ENABLE / DISABLE). The \dRs+ metacommand shows that a
> password is requiered, which is not the case (or it is but it's not
> enforced).
>
> Is this normal? I was expecting the ALTER SUBSCRIPTION .. OWNER to fail.

Which one? I see 2 ALTER SUBSCRIPTION ... OWNER commands in
password_required.log and 1 more in password_required2.log, but
they're all performed by the superuser, who is entitled to do anything
they want.

The intention here is that most subscriptions will have
passwordrequired=true. If such a subscription is owned by a superuser,
the superuser can still use them however they like. If owned by a
non-superuser, they can use them however they like *provided* that the
password must be used to authenticate. If the superuser wants a
non-superuser to be able to own a subscription that doesn't use a
password, the superuser can set that up by configuring
passwordrequired=false. But then that non-superuser is not allowed to
further manipulate that subscription.

--
Robert Haas
EDB: http://www.enterprisedb.com



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: CREATE FUNCTION ... SEARCH { DEFAULT | SYSTEM | SESSION }
Next
From: David Geier
Date:
Subject: Re: how to do profile for pg?