public inbox for [email protected]
help / color / mirror / Atom feedFrom: Laurenz Albe <[email protected]>
To: Isaac Morland <[email protected]>
Cc: [email protected]
Subject: Re: Reducing the log spam
Date: Thu, 07 Mar 2024 08:30:59 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAMsGm5eUBnrV6QR+-8ErTBXGw7qXEWAuJY+DwYZTSb5CGiXcwA@mail.gmail.com>
References: <[email protected]>
<CAMsGm5eUBnrV6QR+-8ErTBXGw7qXEWAuJY+DwYZTSb5CGiXcwA@mail.gmail.com>
On Wed, 2024-03-06 at 17:33 -0500, Isaac Morland wrote:
> I have two questions about this:
>
> First, can it be done per role? If I have a particular application which is
> constantly throwing some particular error, I might want to suppress it, but
> not suppress the same error occasionally coming from another application.
> I see ALTER DATABASE name SET configuration_parameter … as being useful here,
> but often multiple applications share a database.
>
> Second, where can this setting be adjusted? Can any session turn off logging
> of arbitrary sets of sqlstates resulting from its queries? It feels to me
> like that might allow security problems to be hidden. Specifically, the first
> thing an SQL injection might do would be to turn off logging of important
> error states, then proceed to try various nefarious things.
I was envisioning the parameter to be like other logging parameters, for
example "log_statement": only superusers can set the parameter or GRANT
that privilege to others. Also, a superuser could use ALTER ROLE to set
the parameter for all sessions by that role.
> It seems to me the above questions interact; an answer to the first might be
> "ALTER ROLE role_specification SET configuration_parameter", but I think that
> would allow roles to change their own settings, contrary to the concern
> raised by the second question.
If a superuser sets "log_statement" on a role, that role cannot undo or change
the setting. That's just how I plan to implement the new parameter.
Yours,
Laurenz Albe
view thread (2+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Reducing the log spam
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox