public inbox for [email protected]  
help / color / mirror / Atom feed
[PATCH v9 3/4] COPY: flush multi-insert buffer based on accumulated size of tuples..
3+ messages / 3 participants
[nested] [flat]

* [PATCH v9 3/4] COPY: flush multi-insert buffer based on accumulated size of tuples..
@ 2020-12-05 14:52  Justin Pryzby <[email protected]>
  0 siblings, 0 replies; 3+ messages in thread

From: Justin Pryzby @ 2020-12-05 14:52 UTC (permalink / raw)

..rather than line length
---
 src/backend/commands/copyfrom.c        | 2 +-
 src/include/executor/nodeModifyTable.h | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/backend/commands/copyfrom.c b/src/backend/commands/copyfrom.c
index 8221a2c5d3..e5ea909dfe 100644
--- a/src/backend/commands/copyfrom.c
+++ b/src/backend/commands/copyfrom.c
@@ -685,7 +685,7 @@ CopyFrom(CopyFromState cstate)
 					/* Add this tuple to the tuple buffer */
 					MultiInsertInfoStore(&cstate->miinfo,
 											 resultRelInfo, myslot,
-											 cstate->line_buf.len,
+											 MemoryContextMemAllocated(myslot->tts_mcxt, true),
 											 cstate->miinfo.cur_lineno);
 
 					/*
diff --git a/src/include/executor/nodeModifyTable.h b/src/include/executor/nodeModifyTable.h
index 30542a542a..87b689099c 100644
--- a/src/include/executor/nodeModifyTable.h
+++ b/src/include/executor/nodeModifyTable.h
@@ -41,10 +41,10 @@ extern void ExecReScanModifyTable(ModifyTableState *node);
 #define MAX_BUFFERED_TUPLES		1000
 
 /*
- * Flush buffers if there are >= this many bytes, as counted by the input
- * size, of tuples stored.
+ * Flush buffers if there are >= this many bytes of tuples stored, as counted
+ * by the slot's memory contexts.
  */
-#define MAX_BUFFERED_BYTES		65535
+#define MAX_BUFFERED_BYTES		(1024*1024*8)
 
 /* Trim the list of buffers back down to this number after flushing */
 #define MAX_PARTITION_BUFFERS	32
-- 
2.17.0


--3yNHWXBV/QO9xKNm
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="v9-0004-WIP-check-tuple-size.patch"



^ permalink  raw  reply  [nested|flat] 3+ messages in thread

* Rights Control within DB (which SuperUser cannot access, but user can)
@ 2023-10-05 19:38  Rajesh Mittal <[email protected]>
  0 siblings, 1 reply; 3+ messages in thread

From: Rajesh Mittal @ 2023-10-05 19:38 UTC (permalink / raw)
  To: [email protected]

Hello,

Is there a way, where an authorized user (Creates Table / Inserts Data) in
a DB, which the SuperUser cannot access the same.

I understand SuperUser can revoke the access of the user, but he should not
be able to see the table structure and data inserted in those tables.

Best,

Rajesh


^ permalink  raw  reply  [nested|flat] 3+ messages in thread

* Re: Rights Control within DB (which SuperUser cannot access, but user can)
@ 2023-10-05 19:47  Tom Lane <[email protected]>
  parent: Rajesh Mittal <[email protected]>
  0 siblings, 0 replies; 3+ messages in thread

From: Tom Lane @ 2023-10-05 19:47 UTC (permalink / raw)
  To: Rajesh Mittal <[email protected]>; +Cc: [email protected]

Rajesh Mittal <[email protected]> writes:
> Is there a way, where an authorized user (Creates Table / Inserts Data) in
> a DB, which the SuperUser cannot access the same.
> I understand SuperUser can revoke the access of the user, but he should not
> be able to see the table structure and data inserted in those tables.

You might be able to do something with contrib/sepgsql, if you're
on a selinux-enabled platform.  But TBH the correct solution here
is to not give out superuser to people you don't trust.  There is
no way that you're likely to make an entirely bulletproof setup.
(Consider, just to begin with, how you're going to prevent a rogue
superuser from de-installing sepgsql, or even simply doing
"set role other_user".)

Also keep in mind that "prevent user A from seeing the structure
of user B's tables" is not part of Postgres' threat models at all.
Most system catalogs are world-readable, and you can't change that
without breaking an awful lot of tools.  If you don't like this,
a plausible answer is to give each user their own database.

			regards, tom lane






^ permalink  raw  reply  [nested|flat] 3+ messages in thread


end of thread, other threads:[~2023-10-05 19:47 UTC | newest]

Thread overview: 3+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2020-12-05 14:52 [PATCH v9 3/4] COPY: flush multi-insert buffer based on accumulated size of tuples.. Justin Pryzby <[email protected]>
2023-10-05 19:38 Rights Control within DB (which SuperUser cannot access, but user can) Rajesh Mittal <[email protected]>
2023-10-05 19:47 ` Re: Rights Control within DB (which SuperUser cannot access, but user can) Tom Lane <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox