Re: Streaming replication as a separate permissions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Florian Pflug <fgp(at)phlo(dot)org>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Streaming replication as a separate permissions
Date: 2010-12-24 03:16:18
Message-ID: 2893.1293160578@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Florian Pflug <fgp(at)phlo(dot)org> writes:
> On Dec23, 2010, at 16:54 , Tom Lane wrote:
>> BTW, is it possible to set things up so that a REPLICATION account
>> can be NOLOGIN, thereby making it really hard to abuse for other
>> purposes? Or does the login privilege check come too soon?

> Please don't. This violates the principle of least surprise big time!

How so? (Please note I said *can be*, not *has to be*.)

The point of this is to ensure that if someone does illicitly come by
the replication role's password, they can't use it to log in. They can
still steal all your data, but they can't actually get into the
database. I don't see why it's a bad idea to configure things that way.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Florian Pflug 2010-12-24 03:36:51 Re: Streaming replication as a separate permissions
Previous Message KaiGai Kohei 2010-12-24 02:53:25 sepgsql contrib module