On Mon, 2009-01-26 at 22:55 -0500, Tom Lane wrote: > Even accepting such a restriction, there's too much code in > core Postgres to let anyone feel very good about keeping the core free > of security leaks
I see what you're saying, but we're trying to pass certification, not provide security in all cases. The security policy & its implementation is part of the wall, so its straightforward to say "don't do those things". Since both backups and plugins are not typically managed by unprivileged users, that seems reasonable. (And anyway, they should be using PITR :-). I'd rather see it go in now. It needs to be audited, and it might fail. If we put it in 8.5 and it still fails, we'll be in 8.6, which is far, far away and we shouldn't expect NEC to fund such a long range mission. -- Simon Riggs www.2ndQuadrant.com PostgreSQL Training, Services and Support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers