* Dean Rasheed (dean.a.rash...@gmail.com) wrote:
> On 9 February 2016 at 19:47, Robert Haas <robertmh...@gmail.com> wrote:
> > I think you're dismissing Tom's concerns far too lightly.  The
> > row_security=off mode, which is the default, becomes unusable for
> > non-superusers under this proposal.  That's bad.  And if you switch to
> > the other mode, then you might accidentally fail to get all of the
> > data in some table you're trying to back up.  That's bad too: that's
> > why it isn't the default.  There's a big difference between saying
> > "I'm OK with not dumping the tables I can't see" and "I'm OK with not
> > dumping all of the data in some table I *can* see".
> >
> > It seems to me that there's a big difference between policies we ship
> > out of the box and policies that are created be users: specifically,
> > the former can be assumed benign, while the latter can't.  I think
> > that difference matters here, although I'm not sure exactly where to
> > go with it.
> It sounds like there needs to be a separate system_row_security
> setting that controls RLS on the system catalogs, and that it should
> be on by default in pg_dump.

Right, that's what I had been thinking also.

Thanks (and congrats, btw!),


Attachment: signature.asc
Description: Digital signature

Reply via email to