| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "glyn(at)8kb(dot)co(dot)uk" <glyn(at)8kb(dot)co(dot)uk> |
| Subject: | Re: "pg_xxx" role name restriction not applied to bootstrap superuser? |
| Date: | 2016-05-08 05:40:28 |
| Message-ID: | CAKFQuwZAAvZ_u2cB9p7EsRzt+8oGo8qYrQnSdH7vWf8LMWmF4w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Saturday, May 7, 2016, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Stephen Frost <sfrost(at)snowman(dot)net <javascript:;>> writes:
> > * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us <javascript:;>) wrote:
> >> ... but I'm left with a policy question: should initdb disallow
> >> bootstrap superuser names like "pg_xxx"?
>
> > On the whole, I'd vote to treat the bootstrap user as a normal role and
> > therefore have the same restriction in place for that user also.
>
> If we're going to enforce such a restriction, I think it would be
> a good thing for it to be in place in beta1.
>
>
I don't fathom a good reason to treat only the bootstrap user differently.
I'd second guess prohibiting pg_ generally instead of only the specific
system roles in use in a given release. Having beta1 go out with full
restrictions will at least maximize the chance of getting complaints and
insight into how prevalent the prefix is in the wild.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2016-05-08 06:18:30 | Re: Reviewing freeze map code |
| Previous Message | Tom Lane | 2016-05-08 05:39:05 | Re: minor message improvement |