| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Function to kill backend |
| Date: | 2004-04-03 03:55:21 |
| Message-ID: | 11360.1080964521@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Seems like useful functionality. Right now, how does an administrator
> kill another backend from psql? They can't.
The question to ask is "should they be able to?"
I think any such facility is inherently a security risk, since it means
that a remote attacker who's managed to break into your superuser
account can randomly zap other backends. Now admittedly there's plenty
of other mischief he can do with superuser privs, but that doesn't mean
we should hand him a pre-loaded, pre-sighted cannon.
Having to log into the database server locally to execute such
operations doesn't seem that bad to me.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-04-03 03:58:40 | Re: Problems Vacuum'ing |
| Previous Message | Tom Lane | 2004-04-03 03:21:19 | Re: Problems Vacuum'ing |