Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-12-01 Thread Josh Berkus
Bruce, This seems like a valuable feature, as others have mentioned. However, should it also prevent changes to default_transaction_read_only? What is the use case for this functionality? I thought that this was rejected thoroughly by Tom some months ago. He argued pretty strongly that

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-12-01 Thread Bruce Momjian
Josh Berkus wrote: Bruce, This seems like a valuable feature, as others have mentioned. However, should it also prevent changes to default_transaction_read_only? What is the use case for this functionality? I thought that this was rejected thoroughly by Tom some months ago. He

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-12-01 Thread Sean Chittenden
Josh Berkus wrote: I thought that this was rejected thoroughly by Tom some months ago. He argued pretty strongly that READ ONLY transactions were *not* a security feature and that trying to make them one would work very poorly. I remember something like that, but I thought the

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-12-01 Thread Bruce Momjian
Sean Chittenden wrote: I think Tom's big objection is the abuse of the GUC system for maintaining this information. Having thought about this some, I think the GUC system is pretty well suited for this and that Tom's objection (correct me if I'm wrong here) is that GUC has a non-hierarchical

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-12-01 Thread Sean Chittenden
http://archives.postgresql.org/pgsql-patches/2003-07/msg00204.php Sure sounds like you said READ ONLY xacts can't be used for security. :) Better read it again then. Okay: It's not intended to be a security measure, and I would strongly resist any attempt to make it so along the lines

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-07-30 Thread Josh Berkus
Sean, Um, why not make it an actual full blown security feature by applying the following patch? This gives PostgreSQL real read only transactions that users can't escape from. Notes about the patch: Way nifty. I vote in favor of this patch (suitably documented & debugged) for 7.5. --

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-07-30 Thread Sean Chittenden
I would NOT call it a security provision, as it is fairly easily defeated using SET TRANSACTION. Um, why not make it an actual full blown security feature by applying the following patch? It's not intended to be a security measure, and I would strongly resist any attempt to make it

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-07-30 Thread Sean Chittenden
Um, why not make it an actual full blown security feature by applying the following patch? This gives PostgreSQL real read only transactions that users can't escape from. Notes about the patch: Way nifty. I vote in favor of this patch (suitably documented & debugged) for 7.5.

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-07-30 Thread Sean Chittenden
It's not intended to be a security measure, and I would strongly resist any attempt to make it so along the lines you propose. Intended or not, it does work. No, you just haven't thought of a way to get around it yet. When you do think of one, you'll be wanting us to contort the GUC

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-07-30 Thread Bruce Momjian
If we change default_transaction_read_only to PGC_USERLIMIT, the administrator can turn it on and off, but an ordinary user can only turn it on, but not off. Would that help? --- Sean Chittenden wrote: -- Start of PGP

Re: [PATCHES] [PATCH] Re: [pgsql-advocacy] Why READ ONLY transactions?

2003-07-30 Thread Bruce Momjian
Tom, have you considered using PGC_USERLIMIT for the existing default_transaction_read_only variable? You could allow admins to turn it on and off, but non-admins could only turn it on. --- Tom Lane wrote: Sean Chittenden