From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
---|---|
To: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Andrey Borodin <x4mmm(at)yandex-team(dot)ru>, Евгений Ефимкин <efimkin(at)yandex-team(dot)ru>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Connection limit doesn't work for superuser |
Date: | 2018-11-08 12:07:04 |
Message-ID: | a0ebfb5f68a88270526a3ac6f5647a179957c173.camel@cybertec.at |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Tomas Vondra wrote:
> On 11/7/18 5:19 PM, Tom Lane wrote:
> > I think this proposal boils down to asking for support for an
> > incredibly bad application design, and equipping every database with
> > an additional foot-gun in order to have that.
>
> I'm not sure about that. IMHO being able to restrict the number of
> superuser connections can be used to force users to use regular
> (non-superuser) roles for stuff that does not require that. Which should
> encourage better application design.
>
> Of course, the question is whether such limit can actually be enforced
> reliably (I mean, can't the superuser simply change it?) and whether
> handing over superuser accounts to application users is a good idea in
> general ...
None of these arguments for enforcing a connection limit for superusers
sound terribly compelling to me.
He who is tempted to run his application with a superuser for
simplicitly's sake will not be the person to set a connection limit
for superusers.
I concur with Tom that this will do more harm than good.
Yours,
Laurenz Albe
From | Date | Subject | |
---|---|---|---|
Next Message | Tomas Vondra | 2018-11-08 12:07:42 | Re: valgrind issues on Fedora 28 |
Previous Message | David Rowley | 2018-11-08 11:54:51 | Re: PostgreSQL Limits and lack of documentation about them. |