| From: | Christopher Browne <cbbrowne(at)acm(dot)org> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: per-row security |
| Date: | 2006-11-07 20:05:02 |
| Message-ID: | 87hcxbhvkh.fsf@wolfe.cbbrowne.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
ajs(at)crankycanuck(dot)ca (Andrew Sullivan) wrote:
> On Mon, Nov 06, 2006 at 01:40:18PM -0800, Marc Munro wrote:
>> You will of course be replicating the underlying tables and not the
>> views, so your replication user will have to have full access to the
>> unsecured data. This is natural and should not be a concern but may be
>> worth explicitly documenting.
>
> In Slony, the replication user has to be a superuser anyway, so it
> would have access to that data no matter what.
When Slony-II work was ongoing, replication was taking place from a
deeper level inside the DB engine such that that took place as perhaps
even a "superduperuser."
A replication mechanism which captured updates from transaction logs
would have "effectively more than superuser access", too.
--
select 'cbbrowne' || '@' || 'gmail.com';
http://linuxfinances.info/info/languages.html
Rules of the Evil Overlord #71. "If I decide to test a lieutenant's
loyalty and see if he/she should be made a trusted lieutenant, I will
have a crack squad of marksmen standing by in case the answer is no."
<http://www.eviloverlord.com/>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephan Szabo | 2006-11-07 20:12:15 | Re: I'm lost :-( with FOR...IN |
| Previous Message | Alain Roger | 2006-11-07 20:02:56 | Re: I'm lost :-( with FOR...IN |