On 3/29/17 19:01, Petr Jelinek wrote: >> So this CREATE SUBSCRIPTION priv actually gives you the power to cause >> the system to open network connections to the outside world. It's not >> something you give freely to random strangers -- should be guarded >> moderately tight, because it could be used as covert channel for data >> leaking. However, it's 1000x better than requiring superuser for >> subscription creation, so +1 for the current approach. >> > Plus on the other hand you might want to allow somebody to stream data > from another server but not necessarily allow said person to create new > objects in the database which standard CREATE privilege would allow. So > I think it makes sense to push this approach.
One new concern I just thought about is that having GRANT whatever ON DATABASE would allow a database owner to assign these privileges, but a database owner is not necessarily someone highly privileged to make this decision. So I'm prepared to set this patch to returned with feedback for now. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
