On 2013-08-29 21:26:48 -0400, Stephen Frost wrote:
> > Sure, you can construct a scenario where this matters.  The ops guys
> > have "sudo postgres pg_ctl" access but adminpack isn't installed and
> > they have no other way to modify the configuration file.  But that's
> > just bizarre.  And if that's really the environment you have, then you
> > can install a loadable module that grabs ProcessUtility_hook and uses
> > it to forbid ALTER SYSTEM on that machine.  Hell, we can ship such a
> > thing in contrib.  Problem solved.  But it's surely too obscure a
> > combination of circumstances to justify disabling this by default.
> 
> It's not the OPs guy that I'm worried about using ALTER SYSTEM- I don't
> expect them to have any clue about it or care about it, except where it
> can be used to modify things under /etc which they, rightfully, consider
> their domain.

I think for the scenarios you describe it makes far, far more sense
to add the ability to easily monitor for two things:
* on-disk configuration isn't the same as the currently loaded one (not
  trivially possible yet)
* Configuration variables only come from locations that are approved
  in your scenario (already possible, we might want to make it even easier)

Greetings,

Andres Freund

-- 
 Andres Freund                     http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services

