| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Streaming replication as a separate permissions |
| Date: | 2010-12-23 20:31:01 |
| Message-ID: | 27452.1293136261@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Thu, Dec 23, 2010 at 16:15, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> I think only superusers should be allowed to change the flag.
> That was certainly not intentional - and doesn't work that way for me
> at least, unless I broke it right before I submitted it.
> oh hang on.. Yeah, it's allowing anybody *that has CREATE ROLE*
> privilege to do it, I think. And I agree that's wrong and should be
> fixed. But I can't see it allowing anybody at all to do it - am I
> misreading the code?
Ah, sorry, yeah there are probably CREATE ROLE privilege checks
somewhere upstream of here. I was expecting to see a privilege check
added by the patch itself, and did not, so I complained.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-12-23 20:34:33 | Re: Streaming replication as a separate permissions |
| Previous Message | Pavel Stehule | 2010-12-23 20:30:49 | WIP: plpgsql - foreach in |