On 03/27/2012 03:14 PM, Kevin Grittner wrote:
Andres Freund<and...@anarazel.de> wrote:
On Tuesday, March 27, 2012 07:51:59 PM Kevin Grittner wrote:
Well, I guess if you have different people sharing the same
user-ID, you probably wouldn't want that.
As Tom pointed out, if there's another person sharing the user ID
you're using, and you don't trust them, their ability to cancel
your session is likely way down the list of concerns you should
have.
Hm. I don't think that is an entirely valid argumentation. The
same user could have entirely different databases. They even could
have distinct access countrol via the clients ip.
I have seen the same cluster being used for prod/test instances at
smaller shops several times.
Whether thats a valid usecase I have no idea.
Well, that does sort of leave an arguable vulnerability. Should the
same user only be allowed to kill the process from a connection to
the same database?
It might be a reasonable restriction in theory, but I doubt it's much of
a security gain.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
