The bottom line is that I have no problem with making this change, but I want to be sure it is a full solution we aren't going to have to revisit later. I don't want to make the change and then find out we rushed it and have to make more adjustments in later releases.
--------------------------------------------------------------------------- Tom Lane wrote: > Bruce Momjian <[EMAIL PROTECTED]> writes: > > Tom Lane wrote: > >> started because setting these variables via ALTER USER fails to work. > > > It fails to work if logging was already on and someone wants to turn it > > off via ALTER USER, and that matches the expected behavior. > > Not if a superuser does it; superusers should be allowed to set it > however they want. In current code a superuser can't even set it > that way for himself, let alone for other nonprivileged users. > You seem to define "expected behavior" as "whatever the code does now", > but in point of fact it's got lots of deficiencies. > > > Well, you have just made the system less secure by creating that > > function. Why didn't you create a function that has the existing > > behavior of only allowing users to increase the log level? > > I repeat my point: I don't think DBAs actually need that. In the > function as illustrated, I gave joe_user (and nobody else) the choice > between 'all' and 'ddl' (and nothing else), where I suppose 'ddl' is the > global default. This is in fact a whole lot *more* secure than the > existing behavior, in the sense that I can constrain what's allowed a > lot more. > > If I later decide I want 'mod' as the global default, I can alter the > function to map it that way, and joe_user's application is entirely > unaffected. This is *not* true if I expect joe_user's app to set the > variable directly. He has to go change his app to conform to the new > global default. > > >> think so. I think that in the field, people are going to have at most > >> a couple of logging configurations they want to allow users to select, > >> and they will use code not significantly more complex than the above. > > > Can you show me the function? > > I did. > > > You should ask on general where > > we usually do such polls of feature changes? > > Where was the poll in which we decided that the logging variables needed > to be secured at all? In 7.3 these variables were all plain USERSET. > > regards, tom lane > -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
