Andres Freund <and...@anarazel.de> wrote: > On Tuesday, March 27, 2012 07:51:59 PM Kevin Grittner wrote: >>> Well, I guess if you have different people sharing the same >>> user-ID, you probably wouldn't want that. >> >> >> As Tom pointed out, if there's another person sharing the user ID >> you're using, and you don't trust them, their ability to cancel >> your session is likely way down the list of concerns you should >> have. > Hm. I don't think that is an entirely valid argumentation. The > same user could have entirely different databases. They even could > have distinct access countrol via the clients ip. > I have seen the same cluster being used for prod/test instances at > smaller shops several times. > > Whether thats a valid usecase I have no idea. Well, that does sort of leave an arguable vulnerability. Should the same user only be allowed to kill the process from a connection to the same database? -Kevin
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
