On 12/23/2010 08:59 PM, Magnus Hagander wrote:
On Thu, Dec 23, 2010 at 16:57, Robert Haas<robertmh...@gmail.com> wrote:
On Thu, Dec 23, 2010 at 10:54 AM, Tom Lane<t...@sss.pgh.pa.us> wrote:
Robert Haas<robertmh...@gmail.com> writes:
I haven't looked at the patch yet, but I think we should continue to
allow superuser-ness to be *sufficient* for replication - i.e.
superusers will automatically have the replication privilege just as
they do any other - and merely allow this as an option for when you
want to avoid doing it that way.
I don't particularly mind breaking that. If we leave it as-is, we'll
be encouraging people to use superuser accounts for things that don't
need that, which can't be good from a security standpoint.
And if we break it, we'll be adding an additional, mandatory step to
make replication work that isn't required today. You might think
that's OK, but I think the majority opinion is that it's already
excessively complex.
Most of the people I run across in the real world are rather surprised
how *easy* it is to set up, and not how complex. And tbh, the only
complexity complaints I've heard there are about the requirement to
start/backup/stop to get it up and running. I've always told everybody
to create a separate account to do it, and not heard a single comment
about that.
I agree - people I talked to are fairly surprised on us not using a
dedicated replication role but are surprised at the complexity of
actually initializing the replication (mostly the "we cannot do a base
backup over the replication connection" missfeature)
Stefan
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
