ALTER DATABASE and datallowconn

Started by Magnus Haganderover 13 years ago7 messages

magnus@hagander.net

over 13 years ago

Is there a particular reason we don't have an ALTER DATABASE switch
that controls the datallowconn, or is it just something "missed out"?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Simon Riggs

simon@2ndQuadrant.com

over 13 years ago

In reply to: Magnus Hagander (#1)

Re: ALTER DATABASE and datallowconn

On Thu, May 3, 2012 at 1:31 PM, Magnus Hagander <magnus@hagander.net> wrote:

Is there a particular reason we don't have an ALTER DATABASE switch
that controls the datallowconn, or is it just something "missed out"?

I think it can be removed, or rather deprecated.

datconnlimit can be set to 0

If we need to special case template0 then we should just do that. No
need to add a column to do it.

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

Magnus Hagander

magnus@hagander.net

over 13 years ago

In reply to: Simon Riggs (#2)

Re: ALTER DATABASE and datallowconn

On Thu, May 3, 2012 at 2:48 PM, Simon Riggs <simon@2ndquadrant.com> wrote:

On Thu, May 3, 2012 at 1:31 PM, Magnus Hagander <magnus@hagander.net> wrote:

Is there a particular reason we don't have an ALTER DATABASE switch
that controls the datallowconn, or is it just something "missed out"?

I think it can be removed, or rather deprecated.

datconnlimit can be set to 0

superusers bypass datconnlimit, but not datallowconn, don't they?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Tom Lane

tgl@sss.pgh.pa.us

over 13 years ago

In reply to: Magnus Hagander (#1)

Re: ALTER DATABASE and datallowconn

Magnus Hagander <magnus@hagander.net> writes:

Is there a particular reason we don't have an ALTER DATABASE switch
that controls the datallowconn, or is it just something "missed out"?

It was never intended to be a user-accessible switch, just something to
protect template0.

I don't agree with Simon's proposal to hard-wire protection for
template0 instead; that's ugly, and sometimes you do need to be able to
turn it off. But that's something that should be done only with adult
supervision, so having a nice friendly ALTER DATABASE command for it
seems exactly the wrong thing.

regards, tom lane

Magnus Hagander

magnus@hagander.net

over 13 years ago

In reply to: Tom Lane (#4)

Re: ALTER DATABASE and datallowconn

On Thu, May 3, 2012 at 4:13 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

Magnus Hagander <magnus@hagander.net> writes:

Is there a particular reason we don't have an ALTER DATABASE switch
that controls the datallowconn, or is it just something "missed out"?

It was never intended to be a user-accessible switch, just something to
protect template0.

It can be rather useful for others as well, though - since it works as
a defense against superusers doing the wrong thing..

I don't agree with Simon's proposal to hard-wire protection for
template0 instead; that's ugly, and sometimes you do need to be able to
turn it off. But that's something that should be done only with adult
supervision, so having a nice friendly ALTER DATABASE command for it
seems exactly the wrong thing.

Yeah, I agree that from the perspective of template0, it definitely
looks that way.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Tom Lane

tgl@sss.pgh.pa.us

over 13 years ago

In reply to: Magnus Hagander (#5)

Re: ALTER DATABASE and datallowconn

Magnus Hagander <magnus@hagander.net> writes:

On Thu, May 3, 2012 at 4:13 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

Magnus Hagander <magnus@hagander.net> writes:

Is there a particular reason we don't have an ALTER DATABASE switch
that controls the datallowconn, or is it just something "missed out"?

It was never intended to be a user-accessible switch, just something to
protect template0.

It can be rather useful for others as well, though - since it works as
a defense against superusers doing the wrong thing..

I'm having a hard time seeing the use-case for a user-created database
that nobody at all can connect to. Even if there is some marginal use
for that, you could achieve the result with a special entry in
pg_hba.conf to "reject" all connection attempts for that DB.

regards, tom lane

Magnus Hagander

magnus@hagander.net

over 13 years ago

In reply to: Tom Lane (#6)

Re: ALTER DATABASE and datallowconn

On Thu, May 3, 2012 at 4:26 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

Magnus Hagander <magnus@hagander.net> writes:

On Thu, May 3, 2012 at 4:13 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

Magnus Hagander <magnus@hagander.net> writes:

Is there a particular reason we don't have an ALTER DATABASE switch
that controls the datallowconn, or is it just something "missed out"?

It was never intended to be a user-accessible switch, just something to
protect template0.

It can be rather useful for others as well, though - since it works as
a defense against superusers doing the wrong thing..

I'm having a hard time seeing the use-case for a user-created database
that nobody at all can connect to. Even if there is some marginal use

template databases.

for that, you could achieve the result with a special entry in
pg_hba.conf to "reject" all connection attempts for that DB.

Yeah, that would work.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/