On 17.03.26 15:05, Andrei Lepikhov wrote:
On 17/3/26 14:52, Bruce Momjian wrote:
On Tue, Mar 17, 2026 at 11:04:25AM +0100, Andrei Lepikhov wrote:
On 16/3/26 22:25, Bruce Momjian wrote:
On Mon, Mar 16, 2026 at 10:01:22PM +0100, Andrei Lepikhov wrote:
I do think the underlying problem of safely exposing databases to
automated agents is becoming increasingly common, so it seems like a
useful area to explore.
I agree the need a read-only sessions is going to get more urgent with
MCP. Why doesn't the community code have a read-only session option
that can't be changed?
The pg_readonly project aims to answer this question: if it is easy and
cheap to implement as an extension, why do we need to touch the core?
I think it is a fundamental feature the database should have by default.
Why wasn’t read-only mode set up like this from the start? - I haven’t
seen any other DBMSs, aside from SQLite, offer this kind of guarantee.
If we want to move forward, it makes sense to use a session parameter
and add backend code to prevent violations.
Postgres architecture looks well-suited for this feature. However, the
request is to block all backend changes, not just the usual XactReadOnly
limitations, but also things like vacuum, etc (temporary tables?).
Should we also consider cluster-wide restrictions?
Read-only mode is a transaction property, not an access control system.
If you want to control who can read what, there is an access control
system for that. If it's insufficient, let's enhance it. But let's
keep these things separate.
