Greetings,
* Peter Geoghegan (p...@bowt.ie) wrote:
> On Wed, Jun 16, 2021 at 12:06 PM Andres Freund wrote:
> > > I would think that it wouldn't really matter inside VACUUM -- it would
> > > only really need to be either an opportunistic pruning or an
> > > opportunistic index deletion thing --
Greetings,
* Greg Stark (st...@mit.edu) wrote:
> I think Andres's point earlier is the one that stands out the most for me:
>
> > I still think that's the most reasonable course. I actually like the
> > feature, but I don't think a better implementation of it would share
> > much if any of the
Greetings,
* Julien Rouhaud (rjuju...@gmail.com) wrote:
> On Wed, Jun 16, 2021 at 9:19 PM Stephen Frost wrote:
> > This is exactly it. I don't agree that we can, or should, treat every
> > sensible thing that we realize about what the archive command or the
> > backup
Greetings,
* Julien Rouhaud (rjuju...@gmail.com) wrote:
> On Wed, Jun 16, 2021 at 01:17:11AM -0400, Stephen Frost wrote:
> > > Consider that, really, an archive command should refuse to allow archiving
> > > > of WAL on a timeline which doesn’t have a co
Greetings,
On Tue, Jun 15, 2021 at 23:21 Julien Rouhaud wrote:
> On Tue, Jun 15, 2021 at 11:00:57PM -0400, Stephen Frost wrote:
> >
> > As I suggested previously- this is similar to the hooks that we provide.
> We
> > don’t extensively document them because if you
Greetings,
On Tue, Jun 15, 2021 at 21:11 Julien Rouhaud wrote:
> On Tue, Jun 15, 2021 at 02:28:04PM -0400, Stephen Frost wrote:
> >
> > * Julien Rouhaud (rjuju...@gmail.com) wrote:
> > > On Tue, Jun 15, 2021 at 11:33:10AM -0400, Stephen Frost wro
Greetings,
* Julien Rouhaud (rjuju...@gmail.com) wrote:
> On Tue, Jun 15, 2021 at 11:33:10AM -0400, Stephen Frost wrote:
> > The requirements are things which are learned over years and changes
> > over time. Trying to document them and keep up with them would be a
> > prett
Greetings,
* torikoshia (torikos...@oss.nttdata.com) wrote:
> On 2021-06-14 23:53, Mark Dilger wrote:
> >>On Jun 14, 2021, at 5:51 AM, torikoshia
> >>wrote:
> >>BTW, do these patches enable non-superusers to create user with
> >>bypassrls?
[...]
> >Do you believe that functionality should be
Greetings,
* Kyotaro Horiguchi (horikyota@gmail.com) wrote:
> At Fri, 11 Jun 2021 16:08:33 +0900, Michael Paquier
> wrote in
> > On Fri, Jun 11, 2021 at 03:32:28PM +0900, Kyotaro Horiguchi wrote:
> > > I think cp can be an example as far as we explain the limitations. (On
> > > the other
Greetings,
* Kyotaro Horiguchi (horikyota@gmail.com) wrote:
> At Wed, 09 Jun 2021 16:56:14 +0900, Tatsuro Yamada
> wrote in
> > On 2021/06/09 16:23, Fujii Masao wrote:
> > > Instead, we should consider and document "better" command for
> > > archive_command, or implement something like
Greetings,
* Kyotaro Horiguchi (horikyota@gmail.com) wrote:
> So, this is the new new thread.
This is definitely not the way I would recommend starting up a new
thread as you didn't include the actual text of the prior discussion for
people to be able to read and respond to, instead making
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-27 17:00:23 -0400, Bruce Momjian wrote:
> > If you go in that direction, you should make sure pg_upgrade preserves
> > what you use (it does not preserve relfilenode, just pg_class.oid)
>
> Is there a reason for pg_upgrade not
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Thu, May 27, 2021 at 04:09:13PM -0400, Stephen Frost wrote:
> > The above article, at least, suggested encrypting the sector number
> > using the second key and then multiplying that times 2^(block number),
> > wh
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-27 16:09:13 -0400, Stephen Frost wrote:
> > * Andres Freund (and...@anarazel.de) wrote:
> > > On 2021-05-27 15:22:21 -0400, Stephen Frost wrote:
> > > > I'm also not sure how much of the eff
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-27 15:22:21 -0400, Stephen Frost wrote:
> > I'm also not sure how much of the effort would really be duplicated.
> >
> > Were we to start with XTS, that's almost drop-in with what Bruce has
> > (actual
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-27 13:26:11 -0400, Stephen Frost wrote:
> > * Andres Freund (and...@anarazel.de) wrote:
> > > On 2021-05-27 12:49:15 -0400, Stephen Frost wrote:
> > > > That's not really a reason to rule it out
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-27 12:49:15 -0400, Stephen Frost wrote:
> > That's not really a reason to rule it out though and Bruce's point about
> > having a way to get to an encrypted cluster from an unencrypted one is
> > certainl
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-27 12:28:39 -0400, Robert Haas wrote:
> > All that having been said, I am pretty sure I don't fully understand
> > what any of these modes involve. I gather that XTS requires two keys,
> > but it seems like it doesn't require a
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On Thu, May 27, 2021, at 08:10, Bruce Momjian wrote:
> > On Wed, May 26, 2021 at 05:11:24PM -0700, Andres Freund wrote:
> > > On 2021-05-25 17:12:05 -0400, Bruce Momjian wrote:
> > > > If we used a block cipher instead of a streaming one
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Wed, May 26, 2021 at 2:37 PM Stephen Frost wrote:
> > > Anybody got a better idea?
> >
> > If we stipulate (and document) that all replicas need their own keys
> > then we no longer need to worry about no
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> OK, that's what I thought. We already expose the clog and fsm, so
> exposing the hint bits seems acceptable. If everyone agrees, I will
> adjust my patch to not WAL log hint bit changes.
Robert pointed out that it's not just hint bits
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
> > Another idea might be - instead of doing nonce++ every time we write
> > the page, do nonce=random(). That's eventually going to repeat a
> > value, but it's extremely li
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Tue, May 25, 2021 at 7:58 PM Stephen Frost wrote:
> > The simple thought I had was masking them out, yes. No, you can't
> > re-encrypt a different page with the same nonce. (Re-encrypting the
> > exact same pag
Greetings,
On Tue, May 25, 2021 at 22:11 Bruce Momjian wrote:
> On Tue, May 25, 2021 at 09:58:22PM -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > On Tue, May 25, 2021 at 09:42:48PM -0400, Stephen Frost wrote:
> > > > The nonc
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 09:42:48PM -0400, Stephen Frost wrote:
> > The nonce needs to be a new one, if we include the hint bits in the set
> > of data which is encrypted.
> >
> > However, what I believe folks are
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 07:48:54PM -0400, Stephen Frost wrote:
> > Not sure what you're referring to in the second half ... simply knowing
> > that some of the data has a given plaintext (such as having a really
> > go
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 08:03:14PM -0400, Stephen Frost wrote:
> > Indeed they are, but that's not relevant to the thrust of this specific
> > debate.
> >
> > Bruce is arguing that because clog is unpro
Greetings,
* Justin Pryzby (pry...@telsasoft.com) wrote:
> This patch adds hits/misses/dirtied, but explain says
> hit/read/dirtied/written.
>
> Should it say "read" instead of "misses" ?
>
> src/backend/access/heap/vacuumlazy.c:
>_("buffer
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Matthias van de Meent writes:
> > I like the idea of the ZSON type, but I'm somewhat disappointed by its
> > current limitations:
>
> I've not read the code, so maybe this thought is completely off-point,
> but I wonder if anything could be
Greetings,
* Egor Rogov (e.ro...@postgrespro.ru) wrote:
> On 11.02.2021 01:10, Stephen Frost wrote:
> >* Heikki Linnakangas (hlinn...@iki.fi) wrote:
> >>On 05/02/2021 23:22, Stephen Frost wrote:
> >>>Unless there's anything else on this, I'll commit these sometim
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-25 17:15:55 -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > We already discussed that there are too many other ways to break system
> > > integrity that are not encry
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-25 17:22:43 -0400, Stephen Frost wrote:
> > Err, to be clear, I was saying that we could exclude the hint bits
> > *entirely* from what's being encrypted and I don't think that would be a
> > huge issue.
>
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-25 17:04:50 -0400, Stephen Frost wrote:
> > I do think it's reasonable to consider having hint bits not included in
> > the encrypted part of the page and therefore remove the need to produce
> > a new no
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-25 16:34:10 -0400, Stephen Frost wrote:
> > The nonce does need to be absolutely unique for a given encryption key and
> > therefore needs to be global in some form.
>
> You can achieve that without a
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:25:36PM -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > > > > We already discus
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:22:43PM -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > OK, this is good to know. I know the never-reuse rule, so it is good to
> > > know it can be relax
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > > We already discussed that there are too many other ways to break system
> > > integrity that are not encrypted/integrity-checked, e.g., changes t
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:14:24PM -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > Yes, I can see that happening. I think occasional leakage of hint bit
> > > changes to be a
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:04:50PM -0400, Stephen Frost wrote:
> > > Now, if we want to consult some security experts and have them tell us
> > > the hint bit visibility is not a problem, we could get by without us
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 04:29:08PM -0400, Stephen Frost wrote:
> > On Tue, May 25, 2021 at 14:56 Bruce Momjian wrote:
> >
> > On Tue, May 25, 2021 at 02:25:21PM -0400, Robert Haas wrote:
> > > One
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 01:54:21PM -0700, Andres Freund wrote:
> > On 2021-05-25 15:34:04 -0400, Bruce Momjian wrote:
> > > My point is that we have to full-page-write cases where we change the
> > > nonce --- we get a new LSN/nonce for free
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 03:20:06PM -0400, Bruce Momjian wrote:
> > Also, when you change hint bits, either you don't change the nonce/LSN,
> > and don't re-encrypt the page (and the hint bit changes are visible), or
> > you change the nonce
Greetings,
On Tue, May 25, 2021 at 15:09 Robert Haas wrote:
> On Tue, May 25, 2021 at 2:45 PM Bruce Momjian wrote:
> > Well, if we create a separate nonce counter, we still need to make sure
> > it doesn't go backwards during a crash, so we have to WAL log it
>
> I think we don't really need a
Greetings,
On Tue, May 25, 2021 at 14:56 Bruce Momjian wrote:
> On Tue, May 25, 2021 at 02:25:21PM -0400, Robert Haas wrote:
> > One question here is whether we're comfortable saying that the nonce
> > is entirely constant. I wasn't sure about that. It seems possible to
> > me that different
roles could
probably be better. Specifically:
Add predefined roles pg_read_all_data and pg_write_all_data (Stephen Frost)
These non-login roles give read-only/write-only access to all objects.
Might be better as:
These non-login roles give read, or write, access to all tables, views,
a
Greetings,
* Laurenz Albe (laurenz.a...@cybertec.at) wrote:
> I would like to add a thread on pgsql-docs to the commitfest, but I
> found that that cannot be done.
>
> What is the best way to proceed?
> Since we have a "documentation" section in the commitfest, it would
> be useful to allow
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Andrew Dunstan writes:
> > On 5/13/21 7:38 PM, Bossart, Nathan wrote:
> >> I've attached a small patch that allows specifying only direct members
> >> of a group in pg_hba.conf.
>
> > Do we really want to be creating two classes of role
Greetings,
* Chapman Flack (c...@anastigmatix.net) wrote:
> If pg_hba syntax changes are being entertained, I would love to be able
> to set ssl_min_protocol_version locally in a hostssl rule.
>
> Some clients at $work are stuck with ancient SSL libraries, but I would
> much rather be able to
Greetings,
* Jacob Champion (pchamp...@vmware.com) wrote:
> On Thu, 2021-05-13 at 11:42 -0700, Mark Dilger wrote:
> > The distinction that Theme+Security would make is that capabilities
> > can be categorized by the area of the system:
> > -- planner
> > -- replication
> > -- logging
> >
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > There's a ridiculously simple option here which is: drop the idea that
> > we support an extension redefining the query id and then just make it
> > on/off with the default to be 'on'
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Thu, May 13, 2021 at 07:39:45PM +0200, Christoph Berg wrote:
> > Re: Bruce Momjian
> > > Well, now that we have clear warnings when it is misconfigured,
> > > especially when querying the pg_stat_statements view, are these
> > > complaints
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Thu, May 13, 2021 at 01:33:27PM -0400, Stephen Frost wrote:
> > I'm coming around to have a similar feeling. While having an
> > alternative query ID might be useful, I have a hard time seeing it as
> > likely t
Greetings,
* Mark Dilger (mark.dil...@enterprisedb.com) wrote:
> > On May 12, 2021, at 12:58 PM, Robert Haas wrote:
> > - Group things by which section of postgresql.conf they're in, and
> > then further restrict some of them as security-sensitive. This is
> > reasonably close to what you've
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Andrew Dunstan writes:
> > The only thing that bugs me is that we're pretty damn late in the
> > process to be engaging in this amount of design.
>
> Indeed. I feel that this feature was forced in before it was really
> ready.
I'm coming
Greetings,
* Etsuro Fujita (etsuro.fuj...@gmail.com) wrote:
> On Thu, Mar 4, 2021 at 1:00 PM Etsuro Fujita wrote:
> > Another thing I'm concerned about in the postgres_fdw part is the case
> > where all/many postgres_fdw ForeignScans of an Append use the same
> > connection, because in that case
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Wed, May 5, 2021 at 4:31 PM Andres Freund wrote:
> > On 2021-05-05 16:22:21 -0400, Robert Haas wrote:
> > > Huh, I had not thought about that problem. So, at the risk of getting
> > > sidetracked, what exactly are you asking for here?
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Wed, May 5, 2021 at 4:13 PM Stephen Frost wrote:
> > That said, in an ideal world, we'd have a way to get the new timeline to
> > switch to in a way that doesn't leave open race conditions, so as long
> > we
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Wed, May 5, 2021 at 1:06 PM Stephen Frost wrote:
> > It's not just about making sure that we archive the history file for a
> > timeline before archiving WAL segments along that timeline but also
> > abo
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Tue, May 4, 2021 at 11:54 AM Dilip Kumar wrote:
> > I agree that if we continue to archive one file using the archive
> > command then Robert's solution of checking the existence of the next
> > WAL segment (N+1) has an advantage.
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Mon, May 3, 2021 at 2:48 PM Tom Lane wrote:
> > I'm still of the opinion that slicing and dicing this at the per-GUC
> > level is a huge waste of effort. Just invent one role that lets
> > grantees set any GUC, document it as being
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Mon, May 3, 2021 at 12:25 PM Mark Dilger
> wrote:
> > As things stand, all custom variables defined via the
> > DefineCustom{Bool,Int,Real,String,Enum}Variable are placed in the
> > CUSTOM_OPTIONS config_group. We could add a role
Greetings,
On Fri, Apr 30, 2021 at 19:19 Mark Dilger
wrote:
> PostgreSQL defines a number of GUCs that can only be set by superusers. I
> would like to support granting privileges on subsets of these to
> non-superuser roles, inspired by Stephen Frost's recent work on
> pg_read_all_data and
Greetings,
* Magnus Hagander (mag...@hagander.net) wrote:
> On Thu, Apr 29, 2021 at 7:08 AM Peter Eisentraut
> wrote:
> > On 28.04.21 16:09, Alvaro Herrera wrote:
> > > Looking at it now, I wonder how well do the "hostno" options work. If I
> > > say "hostnogssenc", is an SSL-encrypted socket
Greetings,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Mon, Apr 26, 2021 at 03:21:46PM -0400, Stephen Frost wrote:
> > * Andres Freund (and...@anarazel.de) wrote:
> >> I'm getting a bit worried about the incremental increase in
> >> pg_stat_activity width - it
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-04-26 11:34:16 +0900, Michael Paquier wrote:
> > 9afffcb has added the concept of authenticated identity to the
> > information provided in log_connections for audit purposes, with this
> > data stored in each backend's port. One
Greetings,
* Alvaro Herrera (alvhe...@alvh.no-ip.org) wrote:
> On 2021-Apr-26, Tom Lane wrote:
>
> > Stephen Frost writes:
> > > * Magnus Hagander (mag...@hagander.net) wrote:
> > >> Thatäs why I suggested the three value one. Default to a mode where
>
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > * Magnus Hagander (mag...@hagander.net) wrote:
> >> Thatäs why I suggested the three value one. Default to a mode where
> >> it's automatic, which is what the majority is going t
Greetings,
* Magnus Hagander (mag...@hagander.net) wrote:
> On Mon, Apr 26, 2021 at 6:56 PM Tom Lane wrote:
> > Stephen Frost writes:
> > > * Bruce Momjian (br...@momjian.us) wrote:
> > >> Techically, pg_stat_statements can turn on compute_query_id when it is
>
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Mon, Apr 26, 2021 at 05:34:30PM +0200, Christoph Berg wrote:
> > Re: Peter Eisentraut
> > > > Agreed. If pg_stat_statements were zero-configuration today then
> > > > this would be an annoying new burden, but it isn't.
> > >
> > > I
Greetings,
* Noah Misch (n...@leadboat.com) wrote:
> On Mon, Apr 19, 2021 at 05:38:43PM -0400, Stephen Frost wrote:
> > > > > On Fri, Apr 16, 2021 at 3:57 AM Noah Misch wrote:
> > > > >> Hence, I do find it reasonable to let pg_read_all_data be sufficien
Greetings,
* Andrey Borodin (x4...@yandex-team.ru) wrote:
> > 20 апр. 2021 г., в 02:38, Stephen Frost написал(а):
> > Here's what I'd ask Andrey- what's the actual use-case here? Are these
> > cases where users are actually adding new functions which they believe
> > a
Greetings,
* Daniel Carter (danielchriscarter+postg...@gmail.com) wrote:
> On 21/04/2021 18:40, Stephen Frost wrote:
> >I surely hope that the intent here is to use Negotiate / SPNEGO to
> >authenticate the user who is connecting to the webserver and then have
> >credentia
Greetings,
On Wed, Apr 21, 2021 at 19:17 Thomas Munro wrote:
> On Thu, Apr 22, 2021 at 8:16 AM Thomas Munro
> wrote:
> > That wasn't my plan, but I admit that the timing was non-ideal. In
> > any case, I'll dig into these failures and then consider options.
> > More soon.
>
> Yeah, this
Greetings,
On Wed, Apr 21, 2021 at 17:01 Andres Freund wrote:
> On 2021-04-21 16:55:28 -0400, Tom Lane wrote:
> > My concern about it was not at all about performance, but that every time
> > you write it is a new opportunity for the filesystem to lose or corrupt
> > the data.
>
> We already
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-04-21 15:51:38 -0400, Stephen Frost wrote:
> > It does seem like we have some trade-offs here to weigh, but
> > pg_control is indeed quite small..
>
> What do you mean by that? That the overhead of writing it
Greetings,
* Mark Dilger (mark.dil...@enterprisedb.com) wrote:
> > On Apr 20, 2021, at 3:19 PM, Tom Lane wrote:
> > The rest of your analysis seems a bit off-point to me, which is what
> > makes me think that one of us is confused. If Alice is storing her
> > data in a Postgres database, she
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-04-21 14:36:24 -0400, Stephen Frost wrote:
> > * Andres Freund (and...@anarazel.de) wrote:
> > > Unfortunately I think something like a percentage is hard to calculate
> > > right now. Even just lo
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-04-20 14:56:58 -0400, Tom Lane wrote:
> > I wonder though whether we really need authentication here. pg_ping
> > already exposes whether the database is up, to anyone who can reach the
> > postmaster port at all. Would it be so
Greetings,
* Daniel Carter (danielchriscarter+postg...@gmail.com) wrote:
> On 20/04/2021 20:01, Stephen Frost wrote:
> >I'm not necessarily against this, but typically the GSSAPI library
> >provides a way for you to control this using, eg, the KRB5_CCACHE
> >environment var
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > Yeah, being able to pick up on this remotely seems like it'd be quite
> > nice. I'm not really thrilled with the idea, but the best I've got
> > offhand for this would be a new role that's &quo
Greetings,
* Daniel Carter (danielchriscarter+postg...@gmail.com) wrote:
> This is a small patch (against master) to allow an application using libpq
> with GSSAPI authentication to specify where to fetch the credential cache
> from -- it effectively consists of a new field in PQconninfoOptions
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Magnus Hagander writes:
> > On Tue, Apr 20, 2021 at 5:17 PM Jehan-Guillaume de Rorthais
> > wrote:
> >> Two another options:
> >> 1. if this is limited to local access only, outside of the log entries, the
> >> status of the startup could be
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Mon, Apr 19, 2021 at 4:32 PM Tom Lane wrote:
> > Robert Haas writes:
> > > On Fri, Apr 16, 2021 at 3:57 AM Noah Misch wrote:
> > >> Hence, I do find it reasonable to let pg_read_all_data be sufficient for
> > >> setting LEAKPROOF. I
Greetings Michael,
* Michael Banck (michael.ba...@credativ.de) wrote:
> Am Montag, den 08.03.2021, 20:54 +0500 schrieb Ibrar Ahmed:
> > On Thu, Dec 31, 2020 at 6:16 PM Michael Banck
> > wrote:
> > > in today's world, some DBAs have no superuser rights, but we can
> > > delegate them additional
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> Updated patch attached. Will be playing with it a bit more but
> generally feel like it's in pretty good shape. Unless there's anything
> further on this, I'll likely commit it over the weekend.
Weekend ended up being a
Greetings,
* Joe Conway (m...@joeconway.com) wrote:
> On 4/2/21 9:57 AM, Isaac Morland wrote:
> >Views already run security definer, allowing them to be used for some of
> >the same information-hiding purposes as RLS. But I just found something
> >strange: current_user/_role returns the user's
Greetings,
* Isaac Morland (isaac.morl...@gmail.com) wrote:
> On Fri, 2 Apr 2021 at 01:44, Dan Lynch wrote:
> > RLS policies quals/checks are optimized inline, and so I generally avoid
> > writing a separate procedure so the optimizer can do it's thing.
> >
> > However, if you need a security
Greetings,
* gkokola...@pm.me (gkokola...@pm.me) wrote:
> On Monday, November 23, 2020 11:31 PM, Stephen Frost
> wrote:
> > - Anastasia Lubennikova (a.lubennik...@postgrespro.ru) wrote:
> >
> > > On 29.10.2020 17:19, Stephen Frost wrote:
> > >
>
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> Unless there's anything further on this, I'll plan to push in the next
> day or so.
... and done.
Thanks!
Stephen
signature.asc
Description: PGP signature
Greetings,
* Michael Paquier (mich...@paquier.xyz) wrote:
> On Wed, Mar 31, 2021 at 10:15:15PM +, Jacob Champion wrote:
> > I think we're going to need some analogue to PQinitOpenSSL() to help
> > client applications cut through the mess, but I'm not sure what it
> > should look like, or how
Greetings,
* Daniel Gustafsson (dan...@yesql.se) wrote:
> > On 20 Nov 2020, at 22:13, Stephen Frost wrote:
> > Attached is a patch to move from 'default role' terminology to
> > 'predefined role' in the documentation. In the code, I figured it made
> > more sense to
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> * Stephen Frost (sfr...@snowman.net) wrote:
> > Awesome, attached is just a rebase (not that anything really changed).
> > Unless someone wants to speak up, I'll commit this soonish (hopefully
> > tomorrow, but at
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> * Stephen Frost (sfr...@snowman.net) wrote:
> > * Michael Paquier (mich...@paquier.xyz) wrote:
> > > On Mon, Mar 22, 2021 at 04:07:12PM -0400, Robert Haas wrote:
> > > > On Mon, Mar 22, 2021 at 1:48 PM
Greetings!
* Zi Yi Xu (jennyziyi...@mail.utoronto.ca) wrote:
> I am a third-year undergrad student at University of Toronto. I am very
> interested to do a project in the context of Google Summer of Code with
> mentors from PostgreSQL. I am mostly interested in working on improving
>
Greetings,
* Kyotaro Horiguchi (horikyota@gmail.com) wrote:
> At Mon, 29 Mar 2021 14:47:33 +0900, Michael Paquier
> wrote in
> > On Fri, Mar 26, 2021 at 10:16:40AM -0700, Andres Freund wrote:
> > > On 2021-03-26 18:20:14 +0900, Kyotaro Horiguchi wrote:
> > > > This is because
Greetings,
* Euler Taveira (eu...@eulerto.com) wrote:
> On Sun, Mar 28, 2021, at 2:22 PM, Stephen Frost wrote:
> > Unless there's anything further, will commit these soon.
> I briefly looked at this patch and have a few comments.
>
> +
> + pg_receivexlog renamed to
&
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> Awesome, attached is just a rebase (not that anything really changed).
> Unless someone wants to speak up, I'll commit this soonish (hopefully
> tomorrow, but at least sometime later this week).
Alright, as this took a bit mor
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> * Michael Paquier (mich...@paquier.xyz) wrote:
> > On Mon, Mar 22, 2021 at 04:07:12PM -0400, Robert Haas wrote:
> > > On Mon, Mar 22, 2021 at 1:48 PM Stephen Frost wrote:
> > >> Thanks for that. Atta
Greetings,
* Jacob Champion (pchamp...@vmware.com) wrote:
> On Fri, 2021-03-26 at 15:33 -0400, Stephen Frost wrote:
> > * Jacob Champion (pchamp...@vmware.com) wrote:
> > > Databases that are opened *after* the first one are given their own
> > > separate slots.
Greetings,
* Jacob Champion (pchamp...@vmware.com) wrote:
> On Wed, 2021-03-24 at 14:10 -0400, Stephen Frost wrote:
> > * Jacob Champion (pchamp...@vmware.com) wrote:
> > > I could see this being a problem if two client certificate nicknames
> > > collide across multi
501 - 600 of 1906 matches
Mail list logo