Re: Non-superuser subscription owners - Mailing list pgsql-hackers

From Jeff Davis
Subject Re: Non-superuser subscription owners
Date
Msg-id cfcb0c3a59c57e77063c259b0d4295ff0923c64e.camel@j-davis.com
Whole thread Raw
In response to Re: Non-superuser subscription owners  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: Non-superuser subscription owners
List pgsql-hackers
On Wed, 2023-03-22 at 12:16 -0400, Robert Haas wrote:
> If nobody's too unhappy with the idea, I plan to commit this soon,
> both because I think that the feature is useful, and also because I
> think it's an important security improvement.

Is there any chance I can convince you to separate the privileges of
using a connection string and creating a subscription, as I
suggested[1] earlier?

It would be useful for dblink, and I also plan to propose CREATE
SUBSCRIPTION ... SERVER for v17 (it was too late for 16), for which it
would also be useful to make the distinction.

You seemed to generally think it was a reasonable idea, but wanted to
wait for the other patch. I think it's the right breakdown of
privileges even now, and I don't see a reason to give ourselves a
headache later trying to split up the privileges later.

Regards,
    Jeff Davis

[1]
https://www.postgresql.org/message-id/fa1190c117c2455f2dd968a1a09f796ccef27b29.camel@j-davis.com



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Can we avoid chdir'ing in resolve_symlinks() ?
Next
From: Andres Freund
Date:
Subject: Re: Set arbitrary GUC options during initdb