From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
---|---|
To: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Bruce Momjian <bruce(at)momjian(dot)us>, Joel Jacobson <joel(at)compiler(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com>, Magnus Hagander <magnus(dot)hagander(at)redpill-linpro(dot)com>, Maciek Sakrejda <m(dot)sakrejda(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com> |
Subject: | Re: Possibility to disable `ALTER SYSTEM` |
Date: | 2024-03-19 17:56:08 |
Message-ID: | E7E4CA89-E034-4231-ADCA-5EB9F081CBC1@yesql.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> On 19 Mar 2024, at 17:53, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> wrote:
>
> On Tue, 19 Mar 2024 at 17:05, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> I've said this repeatedly: it's not enough. The only reason we need
>> any feature whatsoever is that somebody doesn't trust their database
>> superusers to not try to modify the configuration.
>
> And as everyone else on this thread has said: It is enough. Because
> the point is not security, the point is hinting to a superuser that a
> workflow they know from other systems (or an ALTER SYSTEM command they
> copied from the internet) is not the intended way to modify their
> server configuration on the system they are currently working on.
Well. Protection against superusers randomly copying ALTER SYSTEM commands
from the internet actually does turn this into a security feature =)
--
Daniel Gustafsson
From | Date | Subject | |
---|---|---|---|
Next Message | Daniel Gustafsson | 2024-03-19 17:57:10 | Re: Possibility to disable `ALTER SYSTEM` |
Previous Message | Kartyshov Ivan | 2024-03-19 17:38:55 | Re: [HACKERS] make async slave to wait for lsn to be replayed |