On Mon, Aug 5, 2013 at 03:53:01PM -0400, Alvaro Herrera wrote: > The other issue is that currently you can only edit a server's config if > you are logged in to it. If we permit SQL-level access to that, and > somebody who doesn't have access to edit the files blocks themselves > out, there is no way for them to get a working system *at all*.
Well, if we want to give the administrator a way to disable honoring any previously-defined ALTER SYSTEM SET commands, how would they do that without OS access? By definition, they can't connect via SQL, so what would the API be? Also, even if they could do it remotely, if they previously set listen_addresses via ALTER SYSTEM SET, and we then disable all ALTER SYSTEM SET settings, they still can't access the system because by default Postgres will only listen on local sockets. In summary, the SQL interface to configuration parameters is a convenience, but I don't think it is ever going to be something that can replace full file system access --- that is not a limitation of the implemention of ALTER SYSTEM SET, but just something that is impossible. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
