On 11/02/2015 09:24 AM, Stephen Frost wrote: > I certainly look forward to having more fine grained control, to the > point where I'd like to be able to run a system reasonably without an > active superuser login. Having superusers logging into production > running databases is extremely dangerous. What I have seen happening, > in multiple organizations, is a move to proxy everything going to the > database through some other system which attempts to vet and verify that > the action is acceptable (this also happens to offer up much better > auditing than what we have today).
I've seen this *repeatedly* in the past few years as well. > I feel confident that we can provide a better solution than those proxy-based > approaches. +1 Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
Description: OpenPGP digital signature