On 1 July 2014 18:32, Stephen Frost <sfr...@snowman.net> wrote: > Having functions to control the auditing would work, but it's not > exactly the ideal approach, imv, and
What aspect is less than ideal? > the only reason it's being > discussed here is because it might be a way to allow an extension to > provide the auditing- not because it's actually a benefit to anyone. That is a false statement, as well as being a personal one. It's sad to hear personal comments in this. It seems strange to be advocating new grammar at a time when we are actively reducing the size of it (see recent commits and long running hackers discussions). Functions don't carry the same overhead, in fact they cost nothing if you're not using them, which is the most important point. The right to execute functions can be delegated easily to any group that wants access. There is no special benefit to SQL grammar on that point. > However, if we have such functions in a contrib extension, I worry what > the pg_upgrade path is from that extension to an in-core solution. Functions are already used heavily for many aspects of PostgreSQL. http://www.postgresql.org/docs/devel/static/functions-admin.html Presumably you don't advocate an "in core" solution to replace pg_cancel_backend() etc? My proposed route for making this "in-core" is simply to accept that the extension is "in core". Auditing should, in my view, always be optional, since not everyone needs it. Cryptographic functions aren't in-core either and I'm guessing various security conscious organizations will use them and be happy. How does pgaudit differ from pgcrypto? Given the tone of this discussion, I don't see it going anywhere further anytime soon - that is good since there is no big rush. pgaudit is a sincere attempt to add audit functionality to Postgres. If you or anyone else wants to make a similarly sincere attempt to add audit functionality to Postgres, lets see the design and its connection to requirements. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
