From: | Dmitriy Sarafannikov <dsarafannikov(at)yandex(dot)ru> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Andrey Borodin <x4mmm(at)yandex-team(dot)ru>, Evgeniy Efimkin <efimkin(at)yandex-team(dot)ru>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Connection limit doesn't work for superuser |
Date: | 2018-11-07 14:59:31 |
Message-ID: | 4E68352C-1330-4FE5-92F2-A64997C49545@yandex.ru |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
What about LOGIN option? It is a similar access restriction, but it works for superuser.
=# create role nologin_role superuser nologin unencrypted password '1234';
CREATE ROLE
Time: 1.230 ms
~ $ psql postgres -U nologin_role -h localhost
Password for user nologin_role:
psql: FATAL: role "nologin_role" is not permitted to log in
IMHO it does not fit this logic.
> 7 нояб. 2018 г., в 17:45, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> написал(а):
>
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> I don't think we should consider something that prevents you from
>> connecting to the database to be in the same category as something
>> that limits what you can do once you are connected. IOW, +1 to the
>> original proposal from me.
>
> I'd vote against. I think there are way more cases where this would
> create a problem than where it would fix one.
>
> regards, tom lane
>
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2018-11-07 15:03:39 | Re: pread() and pwrite() |
Previous Message | Tom Lane | 2018-11-07 14:45:53 | Re: Connection limit doesn't work for superuser |