> On 19 Mar 2024, at 17:53, Jelte Fennema-Nio <postg...@jeltef.nl> wrote: > > On Tue, 19 Mar 2024 at 17:05, Tom Lane <t...@sss.pgh.pa.us> wrote: >> I've said this repeatedly: it's not enough. The only reason we need >> any feature whatsoever is that somebody doesn't trust their database >> superusers to not try to modify the configuration. > > And as everyone else on this thread has said: It is enough. Because > the point is not security, the point is hinting to a superuser that a > workflow they know from other systems (or an ALTER SYSTEM command they > copied from the internet) is not the intended way to modify their > server configuration on the system they are currently working on.
Well. Protection against superusers randomly copying ALTER SYSTEM commands from the internet actually does turn this into a security feature =) -- Daniel Gustafsson
