On 11/8/22 11:29, Christophe Pettus wrote: > >> On Nov 7, 2022, at 17:24, Jan Bilek <jan.bi...@eftlab.com.au> wrote: >> Would there be any way to go around this? > The typical configuration is to not permit the PostgreSQL superuser to log in > remotely. The database can be managed by a different, non-superuser role, > including schema migrations. Well, superuser (our App) is already logged in and as it is designed very much as an "appliance" it simply does that job - manages its database. There might be a way to explore whether we can use internally another (limited) user just for reporting queries on a different connection session. But I am getting (security related) headaches just thinking about it. > >> CREATE OR REPLACE LANGUAGE plpython3u; >> HINT: Must be superuser to create this extension. > The reason only a superuser can create this extension is the "u" at the end > of the name: It is an untrusted PL that can bypass PostgreSQL's role system. > If anyone could create functions in it, anyone could bypass roles.
Yes, agreed. Any ideas? -- Jan Bilek - CTO at EFTlab Pty Ltd.
