On Mon, Jun 23, 2014 at 5:42 PM, Fujii Masao <masao.fu...@gmail.com> wrote: > On Sat, Jun 21, 2014 at 12:59 PM, Joe Conway <m...@joeconway.com> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 06/13/2014 07:29 AM, Tom Lane wrote: >>> Fujii Masao <masao.fu...@gmail.com> writes: >>>> On Thu, Jun 12, 2014 at 8:51 PM, Fujii Masao >>>> <masao.fu...@gmail.com> wrote: >>>>> Some users enable log_disconnections in postgresql.conf to >>>>> audit all logouts. But since log_disconnections is defined with >>>>> PGC_BACKEND, it can be changed at connection start. This means >>>>> that any client (even nonsuperuser) can freely disable >>>>> log_disconnections not to log his or her logout even when the >>>>> system admin enables it in postgresql.conf. Isn't this >>>>> problematic for audit? >>> >>>> That's harmful for audit purpose. I think that we should make >>>> log_disconnections PGC_SUSET rather than PGC_BACKEND in order to >>>> forbid non-superusers from changing its setting. Attached patch >>>> does this. >> >> This whole argument seems wrong unless I'm missing something: >> >> test=# set log_connections = on; >> ERROR: parameter "log_connections" cannot be set after connection start >> test=# set log_disconnections = off; >> ERROR: parameter "log_disconnections" cannot be set after connection >> start
Hmm... I found that you had marked this proposal as "Returned with Feedback". But I don't think that we reached the consensus to do that. I think that it's still worth discussing this topic in this CF. So I marked this as "Needs Review" again. If you strongly think that this proposal should be marked as "Returned with Feedback", could you let me know why you think so? Regards -- Fujii Masao -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers