Tom Lane wrote:

Andrew Dunstan <[EMAIL PROTECTED]> writes:
Martijn van Oosterhout wrote:
Maybe someone should look into enabling slony to not run as a

That was my initial reaction to this suggestion. But then I realised that it might well make sense to have a separate connection-limited superuser for Slony purposes (or any other special purpose) alongside an unlimited superuser.

Actually, the real question in my mind is why Slony can't be trusted
to use the right number of connections to start with.  If you don't
trust it that far, what are you doing letting it into your database as
superuser to start with?

As for "connection-limited superuser", if you can't do ALTER USER SET
on yourself then you aren't a superuser, so any such restriction is
illusory anyway.

As a protection against malice, yes. I think Rod was more interested in some protection against stupidity.

Maybe the real answer is that Slony should connect as a non-superuser and call security definer functions for the privileged things it needs to do.



---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

Reply via email to