On 11/8/22 11:29, Christophe Pettus wrote: > >> On Nov 7, 2022, at 17:24, Jan Bilek <jan.bilek@xxxxxxxxxxxxx> wrote: >> Would there be any way to go around this? > The typical configuration is to not permit the PostgreSQL superuser to log in remotely. The database can be managed by a different, non-superuser role, including schema migrations. Well, superuser (our App) is already logged in and as it is designed very much as an "appliance" it simply does that job - manages its database. There might be a way to explore whether we can use internally another (limited) user just for reporting queries on a different connection session. But I am getting (security related) headaches just thinking about it. > >> CREATE OR REPLACE LANGUAGE plpython3u; >> HINT: Must be superuser to create this extension. > The reason only a superuser can create this extension is the "u" at the end of the name: It is an untrusted PL that can bypass PostgreSQL's role system. If anyone could create functions in it, anyone could bypass roles. Yes, agreed. Any ideas? -- Jan Bilek - CTO at EFTlab Pty Ltd.
