On Mon, Jun 23, 2014 at 5:42 PM, Fujii Masao <masao.fu...@gmail.com> wrote:
> On Sat, Jun 21, 2014 at 12:59 PM, Joe Conway <m...@joeconway.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> On 06/13/2014 07:29 AM, Tom Lane wrote:
>>> Fujii Masao <masao.fu...@gmail.com> writes:
>>>> On Thu, Jun 12, 2014 at 8:51 PM, Fujii Masao
>>>> <masao.fu...@gmail.com> wrote:
>>>>> Some users enable log_disconnections in postgresql.conf to
>>>>> audit all logouts. But since log_disconnections is defined with
>>>>> PGC_BACKEND, it can be changed at connection start. This means
>>>>> that any client (even nonsuperuser) can freely disable
>>>>> log_disconnections not to log his or her logout even when the
>>>>> system admin enables it in postgresql.conf. Isn't this
>>>>> problematic for audit?
>>>> That's harmful for audit purpose. I think that we should make
>>>> log_disconnections PGC_SUSET rather than PGC_BACKEND in order to
>>>> forbid non-superusers from changing its setting. Attached patch
>>>> does this.
>> This whole argument seems wrong unless I'm missing something:
>> test=# set log_connections = on;
>> ERROR: parameter "log_connections" cannot be set after connection start
>> test=# set log_disconnections = off;
>> ERROR: parameter "log_disconnections" cannot be set after connection
Hmm... I found that you had marked this proposal as "Returned with Feedback".
But I don't think that we reached the consensus to do that. I think that it's
still worth discussing this topic in this CF. So I marked this as "Needs Review"
If you strongly think that this proposal should be marked as
"Returned with Feedback", could you let me know why you think so?
Sent via pgsql-hackers mailing list (email@example.com)
To make changes to your subscription: