* Jim Nasby (jim.na...@bluetreble.com) wrote: > On 1/21/15 5:38 PM, Stephen Frost wrote: > >Being startup-only won't help if the user is a superuser. > > Crap, I thought postgresql.auto.conf was handled as an #include and therefore > you could still preempt it via postgresql.conf
It's not just that.. Having superuser access should really be considered equivilant to having a shell as the unix user that postgres is running as. > >If this is being done for every execution of a query then I agree- SQL > >or plpgsql probably wouldn't be fast enough. That doesn't mean it makes > >sense to have pgaudit support calling a C function, it simply means that > >we need to find another way to configure auditing (which is what I think > >I've done...). > > I'm still nervous about overloading this onto the roles system; I think it > will end up being very easy to accidentally break. But if others think it'll > work then I guess I'm just being paranoid. Break in which way..? If you're saying "it'll be easy for a user to misconfigure" then I might agree with you- but documentation and examples can help to address that. If you're worried that future PG hacking will break it, well, I tend to doubt the GRANT piece is the area of concern there- the recent development work is really around event triggers and adding new object classes; the GRANT components have been reasonably stable for the past few years. Thanks! Stephen
signature.asc
Description: Digital signature