Lists: | pgsql-hackers |
---|
From: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
---|---|
To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Streaming replication and privilege |
Date: | 2010-03-04 10:47:31 |
Message-ID: | 3f0b79eb1003040247p6b092241of91784a505e9abd8@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
Hi,
Currently superuser privilege is required when the standby connects
to the primary. But there is the complaint that we should add new
privilege for replication and use it instead of superuser because
current approach is not good for security (*1). This has been listed
as one of TODO items of SR.
This TODO item really needs to be addressed for 9.0? Frankly I'm not
familiar with that area, so I've not work on it at all yet, but I'm
going to create the patch if many people want it for 9.0. What is
your opinion?
(*1)
http://archives.postgresql.org/pgsql-hackers/2010-01/msg01536.php
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Streaming replication and privilege |
Date: | 2010-03-04 15:43:50 |
Message-ID: | 603c8f071003040743y47313f35iab2aca9e79f0609b@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
On Thu, Mar 4, 2010 at 5:47 AM, Fujii Masao <masao(dot)fujii(at)gmail(dot)com> wrote:
> Currently superuser privilege is required when the standby connects
> to the primary. But there is the complaint that we should add new
> privilege for replication and use it instead of superuser because
> current approach is not good for security (*1). This has been listed
> as one of TODO items of SR.
>
> This TODO item really needs to be addressed for 9.0? Frankly I'm not
> familiar with that area, so I've not work on it at all yet, but I'm
> going to create the patch if many people want it for 9.0. What is
> your opinion?
>
> (*1)
> http://archives.postgresql.org/pgsql-hackers/2010-01/msg01536.php
In my opinion, it is a 9.1 item.
...Robert
From: | Josh Berkus <josh(at)agliodbs(dot)com> |
---|---|
To: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Streaming replication and privilege |
Date: | 2010-03-04 18:14:15 |
Message-ID: | 4B8FF877.6010708@agliodbs.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
On 3/4/10 2:47 AM, Fujii Masao wrote:
> This TODO item really needs to be addressed for 9.0? Frankly I'm not
> familiar with that area, so I've not work on it at all yet, but I'm
> going to create the patch if many people want it for 9.0. What is
> your opinion?
I think it falls under "nice to have, but not essential for 9.0".
--Josh Berkus
From: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
---|---|
To: | Josh Berkus <josh(at)agliodbs(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Streaming replication and privilege |
Date: | 2010-03-08 11:17:42 |
Message-ID: | 3f0b79eb1003080317t5c37bfa9l45d2edb3d0aa7b17@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
On Fri, Mar 5, 2010 at 3:14 AM, Josh Berkus <josh(at)agliodbs(dot)com> wrote:
> On 3/4/10 2:47 AM, Fujii Masao wrote:
>> This TODO item really needs to be addressed for 9.0? Frankly I'm not
>> familiar with that area, so I've not work on it at all yet, but I'm
>> going to create the patch if many people want it for 9.0. What is
>> your opinion?
>
> I think it falls under "nice to have, but not essential for 9.0".
Agreed. I moved it from TODO list for v9.0 to that for future release.
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center