Andrew McMillan wrote: -- Start of PGP signed section. > On Tue, 2004-11-09 at 13:58 -0500, Tom Lane wrote: > > > > Bruce and I were chatting about this on the phone today, and we were > > seriously considering a more radical proposal: get rid of the whole > > concept of USERLIMIT variables, and make the logging variables be plain > > SUSET (ie, only superusers can change 'em). This would eliminate the > > current ability of a non-superuser to increase the logging verbosity > > of his session, but it's not real clear that that's such a good idea > > anyway. (Cranking the log verbosity up far past what the DBA wants > > could be seen as a primitive form of DOS attack; and anyway, if you are > > not a superuser then you can't see what's in the log, so why should > > you care what the verbosity is, much less be able to affect it?) Given > > the code complexity of the USERLIMIT stuff and the number of bugs > > already found in it, getting rid of it seems awfully attractive. > > The current functionality could be useful inside particular code paths > of an application, where you want to increase the log verbosity in a > particular part of the code, when it (unpredictably) happens, without > nuking the logs entirely. > > Of course you are superuser when you review such logs, but I wouldn't > usually want the db connection from the application to have to run as > superuser if I could help it... especially not a web application.
As much as I would like the URERLIMIT hacks removed for 8.0 I am thinking we are too far along in release and don't have enough time to figure out how to do the security definer function cleanly. I am thinking we should wait for 8.1 and maybe have the USERLIMIT capability integrated intot a security definer capability function we ship with our code. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend
