| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
|---|---|
| To: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Synchronous replication patch v1 |
| Date: | 2008-11-04 15:51:41 |
| Message-ID: | 49106F8D.9060204@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Fujii Masao wrote:
> On Fri, Oct 31, 2008 at 11:12 PM, Heikki Linnakangas
> <heikki(dot)linnakangas(at)enterprisedb(dot)com> wrote:
>> AFAICS, there's no security, at all. Anyone that can log in, can become a
>> WAL sender, and receive all WAL for the whole cluster.
>
> One simple solution is to define the database only for replication. In
> this solution,
> we can handle the authentication for replication like the usual database access.
> That is, pg_hba.conf, the cooperation with a database role, etc are
> supported also
> in replication. So, a user can set up the authentication rules easily.
You mean like a pseudo database name in pg_hba.conf, and in the startup
message, that actually means "connect for replication"? Yeah, something
like that sounds reasonable to me.
> ISTM that there
> is no advantage which separates authentication for replication from
the existing
> mechanism.
Agreed.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2008-11-04 15:55:04 | Re: pgsql: Unite ReadBufferWithFork, ReadBufferWithStrategy, and |
| Previous Message | Ron Mayer | 2008-11-04 15:50:09 | Re: Patch for SQL-Standard Interval output and decoupling DateStyle from IntervalStyle |