Sean Chittenden <[EMAIL PROTECTED]> writes:
>> I'm not objecting to the idea of being able to make users read-only.
>> I'm objecting to using GUC for it.  Send in a patch that, say, adds
>> a bool column to pg_shadow, and I'll be happy.

> How is that any different than ALTER USER [username] SET
> jail_read_only_transactions TO true?  It sets something in
> pg_shadow.useconfig column, which is permanent.

But it has to go through a mechanism that is designed and built to allow
that value to be overridden from other places.  I think using GUC for
this is just asking for trouble.  Even if there is no security hole
today, it's very easy to imagine future changes in GUC that would
unintentionally create one.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to [EMAIL PROTECTED] so that your
      message can get through to the mailing list cleanly

Reply via email to