steve-chavez
commented
3 years ago IIRC, pgcrypto requires superuser and that's listed as a dependency on pgjwt.control.
Closed maparent closed 3 years ago
steve-chavez
commented
3 years ago IIRC, pgcrypto requires superuser and that's listed as a dependency on pgjwt.control.
maparent
commented
3 years ago pgcrypto is a trusted module and does not require superuser permissions to install. It would be nice if pgjwt did not add a new constraint.
steve-chavez
commented
3 years ago pgcrypto is a trusted module
Ah, seems that changed since pg 13, pg 12 and below still require superuser for pgcrypto.
maparent
commented
3 years ago Ah, fair point! Sorry I missed that. But I think the point stands; even if a superuser had to install pgcrypto, pyjwt does not escalate the pgcrypto permissions.
michelp
commented
3 years ago Sorry for the delay on getting back to you, I've been under a pile of other work and pgjwt languished as a result. @maparent I've sent you an invitation to collaborate on this repo, if you accept feel free to merge both your pull requests if you feel they are the best solution going forward.
maparent
commented
3 years ago Thank you very much!
The database owner cannot now install the extension ("must be superuser" error message.) There is nothing that requires this, and it's as simple as adding
superuser=falsetopgjwt.control.