| From: | Daniel Gomez Blanco <nanodgb(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Pros and cons of giving someone superuser privilege |
| Date: | 2014-04-25 15:09:43 |
| Message-ID: | CAL4HELcX=hfDugeuDVa_-+=ju3F0ktRiLcNu3UxrfR4BANAUsQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
We provide some extensions by default, and would be willing to install more
extensions if needed. The point about stored procedures is a good point
though.
Thanks for your input!
Daniel
On 25 April 2014 16:52, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Daniel Gomez Blanco (nanodgb(at)gmail(dot)com) wrote:
> > >From your reply and considering why I have just said, I think that, in
> our
> > case, these users would be better off without superuser access. As for
> > their day-to-day operations they wouldn't need it as long as they can
> > create their databases and roles, and execute the rest of operations on
> the
> > web interface.
>
> Just to hit on this again- that means your users can't install any
> extensions (not even those provided as part of PG through contrib).
> Eventually, users will get upset by the lack of things like PostGIS.
>
> They also can't create stored procedures using any of the untrusted
> languages (of course, if they could, they could get access to the host,
> so that may be a show-stopper anyway).
>
> Thanks,
>
> Stephen
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Henry Korszun | 2014-04-25 17:37:13 | |
| Previous Message | Stephen Frost | 2014-04-25 14:52:24 | Re: Pros and cons of giving someone superuser privilege |