On 2/21/17 01:50, Michael Paquier wrote:
> So what do you think about the patch attached? This does the following:
> - complete subscription list for CREATE/ALTER SUBSCRIPTION
> - complete publication list for CREATE/ALTER PUBLICATION
> - complete to nothing for PUBLICATION in CREATE/ALTER
On 21/02/17 07:50, Michael Paquier wrote:
> On Tue, Feb 21, 2017 at 12:48 AM, Stephen Frost wrote:
>> * Fujii Masao (masao.fu...@gmail.com) wrote:
>>> On Fri, Feb 17, 2017 at 11:17 PM, Peter Eisentraut
>>> 1) Expose all the columns except subconninfo in pg_subscription to
>>>
On Tue, Feb 21, 2017 at 12:48 AM, Stephen Frost wrote:
> * Fujii Masao (masao.fu...@gmail.com) wrote:
>> On Fri, Feb 17, 2017 at 11:17 PM, Peter Eisentraut
>> 1) Expose all the columns except subconninfo in pg_subscription to
>> non-superusers. In this idea, the
Greetings,
* Fujii Masao (masao.fu...@gmail.com) wrote:
> On Fri, Feb 17, 2017 at 11:17 PM, Peter Eisentraut
> wrote:
> > On 2/13/17 12:07, Fujii Masao wrote:
> >> Anyway IMO that we can expose all the
> >> columns except the sensitive information (i.e.,
On Fri, Feb 17, 2017 at 11:17 PM, Peter Eisentraut
wrote:
> On 2/13/17 12:07, Fujii Masao wrote:
>> Anyway IMO that we can expose all the
>> columns except the sensitive information (i.e., subconninfo field)
>> in pg_subscription to even non-superusers.
>
> You
* Robert Haas (robertmh...@gmail.com) wrote:
> On Sun, Feb 19, 2017 at 6:13 PM, Michael Paquier
> wrote:
> > On Sun, Feb 19, 2017 at 8:03 PM, Magnus Hagander
> > wrote:
> >> If password auth is used, we have to store the password in plaintext
> >>
On Sun, Feb 19, 2017 at 6:13 PM, Michael Paquier
wrote:
> On Sun, Feb 19, 2017 at 8:03 PM, Magnus Hagander wrote:
>> If password auth is used, we have to store the password in plaintext
>> equivalent somewhere. Meaning it's by definition going to
On Sun, Feb 19, 2017 at 1:43 PM, Michael Paquier
wrote:
> On Sun, Feb 19, 2017 at 8:03 PM, Magnus Hagander
> wrote:
> > If password auth is used, we have to store the password in plaintext
> > equivalent somewhere. Meaning it's by definition going
On Sun, Feb 19, 2017 at 8:03 PM, Magnus Hagander wrote:
> If password auth is used, we have to store the password in plaintext
> equivalent somewhere. Meaning it's by definition going to be exposed to
> superusers and replication downstreams.
Another possibility is to
On Sun, Feb 19, 2017 at 1:03 PM, Petr Jelinek
wrote:
> On 19/02/17 12:03, Magnus Hagander wrote:
> >
> >
> > On Sun, Feb 19, 2017 at 2:01 AM, Michael Paquier
> > > wrote:
> >
> > On Sun, Feb 19, 2017
On 19/02/17 12:03, Magnus Hagander wrote:
>
>
> On Sun, Feb 19, 2017 at 2:01 AM, Michael Paquier
> > wrote:
>
> On Sun, Feb 19, 2017 at 9:50 AM, Michael Paquier
> >
On Sun, Feb 19, 2017 at 2:01 AM, Michael Paquier
wrote:
> On Sun, Feb 19, 2017 at 9:50 AM, Michael Paquier
> wrote:
> > I have been poking at it, and yeah... I missed the fact that
> > pg_subcription is not a view. I thought that
On Sun, Feb 19, 2017 at 9:50 AM, Michael Paquier
wrote:
> I have been poking at it, and yeah... I missed the fact that
> pg_subcription is not a view. I thought that check_conninfo was being
> called in this context only..
Still, storing plain passwords in system
On Sun, Feb 19, 2017 at 8:05 AM, Petr Jelinek
wrote:
> It's not a view it's system catalog which actually stores the data, how
> would it hide anything?
I have been poking at it, and yeah... I missed the fact that
pg_subcription is not a view. I thought that
On 19/02/17 00:02, Michael Paquier wrote:
> On Sat, Feb 18, 2017 at 11:57 PM, Petr Jelinek
> wrote:
>> On 15/02/17 05:56, Michael Paquier wrote:
>>> I thought that this was correctly clobbered... But... No that's not
>>> the case by looking at the code. And honestly
On Sat, Feb 18, 2017 at 11:57 PM, Petr Jelinek
wrote:
> On 15/02/17 05:56, Michael Paquier wrote:
>> I thought that this was correctly clobbered... But... No that's not
>> the case by looking at the code. And honestly I think that it is
>> unacceptable to show
On 15/02/17 05:56, Michael Paquier wrote:
> On Wed, Feb 15, 2017 at 3:18 AM, Jim Nasby wrote:
>> Why not do what we do for pg_stat_activity.current_query and leave it NULL
>> for non-SU?
>
> If subcriptions are designed to be superuser-only, it seems fair to me
> to do
* Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
> On 2/13/17 12:07, Fujii Masao wrote:
> > Anyway IMO that we can expose all the
> > columns except the sensitive information (i.e., subconninfo field)
> > in pg_subscription to even non-superusers.
>
> You mean with column privileges?
On 2/13/17 12:07, Fujii Masao wrote:
> Anyway IMO that we can expose all the
> columns except the sensitive information (i.e., subconninfo field)
> in pg_subscription to even non-superusers.
You mean with column privileges?
We could probably do that. I don't know if we have done that before on
On Wed, Feb 15, 2017 at 3:18 AM, Jim Nasby wrote:
> Why not do what we do for pg_stat_activity.current_query and leave it NULL
> for non-SU?
If subcriptions are designed to be superuser-only, it seems fair to me
to do so. Some other system SRFs do that already.
> Even
On 2/13/17 9:36 PM, Michael Paquier wrote:
Probably I failed to get Peter's point... Anyway IMO that we can expose all the
columns except the sensitive information (i.e., subconninfo field)
in pg_subscription to even non-superusers. Then we can use pg_subscription
for the tab-completion for
On Tue, Feb 14, 2017 at 2:07 AM, Fujii Masao wrote:
> No, the tab-completions for ALTER/DROP PUBLICATION should show the local
> publications because those commands drop and alter the local ones. OTOH,
> CREATE/ALTER SUBSCRIPTOIN ... PUBLICATION should show nothing because
On Fri, Feb 10, 2017 at 1:52 PM, Michael Paquier
wrote:
> On Tue, Feb 7, 2017 at 6:35 AM, Peter Eisentraut
> wrote:
>> On 2/6/17 10:54 AM, Fujii Masao wrote:
>>> Yes, that's an option. And, if we add dbid to pg_stat_subscription,
>>>
On Tue, Feb 7, 2017 at 6:35 AM, Peter Eisentraut
wrote:
> On 2/6/17 10:54 AM, Fujii Masao wrote:
>> Yes, that's an option. And, if we add dbid to pg_stat_subscription,
>> I'm tempted to add all the pg_subscription's columns except subconninfo
>> into
On 2/6/17 10:54 AM, Fujii Masao wrote:
> Yes, that's an option. And, if we add dbid to pg_stat_subscription,
> I'm tempted to add all the pg_subscription's columns except subconninfo
> into pg_stat_subscription. Since subconninfo may contain security-sensitive
> information, it should be excluded.
On 2/5/17 11:52 PM, Michael Paquier wrote:
>> In "CREATE SUBSCRIPTION ... PUBLICATION" and "ALTER SUBSCRIPTION ... SET
>> PUBLICATION" cases, the publication defined in the publisher side should be
>> specified. But, with this patch, the tab-completion for PUBLICATION shows
>> the publications
On Mon, Feb 6, 2017 at 1:52 PM, Michael Paquier
wrote:
> On Sun, Feb 5, 2017 at 5:04 AM, Fujii Masao wrote:
>> With this patch, when normal users type TAB after SUBSCRIPTION,
>> they got "permission denied" error. I don't think that's acceptable.
On Sun, Feb 5, 2017 at 5:04 AM, Fujii Masao wrote:
> With this patch, when normal users type TAB after SUBSCRIPTION,
> they got "permission denied" error. I don't think that's acceptable.
Right, I can see that now. pg_stat_get_subscription() does not offer
as well a way to
On Sat, Feb 4, 2017 at 9:01 PM, Michael Paquier
wrote:
> On Fri, Feb 3, 2017 at 3:56 AM, Peter Eisentraut
> wrote:
>> On 2/2/17 12:48 AM, Michael Paquier wrote:
>>> +#define Query_for_list_of_subscriptions \
>>> +" SELECT
On Fri, Feb 3, 2017 at 3:55 AM, Peter Eisentraut
wrote:
> On 2/2/17 12:48 PM, Fujii Masao wrote:
>> +#define Query_for_list_of_subscriptions \
>> +" SELECT pg_catalog.quote_ident(subname) "\
>> +" FROM pg_catalog.pg_subscription "\
>> +" WHERE
On Fri, Feb 3, 2017 at 3:56 AM, Peter Eisentraut
wrote:
> On 2/2/17 12:48 AM, Michael Paquier wrote:
>> +#define Query_for_list_of_subscriptions \
>> +" SELECT pg_catalog.quote_ident(subname) "\
>> +" FROM pg_catalog.pg_subscription "\
>> +" WHERE
On 2/2/17 12:48 AM, Michael Paquier wrote:
> +#define Query_for_list_of_subscriptions \
> +" SELECT pg_catalog.quote_ident(subname) "\
> +" FROM pg_catalog.pg_subscription "\
> +" WHERE substring(pg_catalog.quote_ident(subname),1,%d)='%s'"
This query should also be qualified by current
On 2/2/17 12:48 PM, Fujii Masao wrote:
> +#define Query_for_list_of_subscriptions \
> +" SELECT pg_catalog.quote_ident(subname) "\
> +" FROM pg_catalog.pg_subscription "\
> +" WHERE substring(pg_catalog.quote_ident(subname),1,%d)='%s'"
>
> Since non-superuser is not allowed to access to
On Thu, Feb 2, 2017 at 2:48 PM, Michael Paquier
wrote:
> Hi all,
>
> While testing a bit the logical replication facility, I have bumped on
> the fast that psql's completion does not show the list of things
> already created. Attached is a patch.
+#define
Hi all,
While testing a bit the logical replication facility, I have bumped on
the fast that psql's completion does not show the list of things
already created. Attached is a patch.
Thanks,
--
Michael
subs-psql-completion.patch
Description: Binary data
--
Sent via pgsql-hackers mailing list
35 matches
Mail list logo