On Saturday, September 7, 2024, Joe Conway <
mail@joeconway.com> wrote:
Yeah, but there are other issues, e.g. leaked usernames of the other customers too.
Yeah…multi-tenant clusters are great so long as you aren’t giving out logins to tenants. For tenants that need a login to the database they really need their own cluster and OS-level resource management.
I wonder how hard a “cluster coordinator” binary would be to implement - something that takes an overall configuration and some shared memory and effectively allocates those among multiple clusters on the same host. You can get some of this, like a total connection count, from a pooler.
That said, I’d need to go back and see the arguments for why we don’t just filter the list of globals to whatever the logged in role is capable of using. I wonder whether the concerns are with schema objects and globals are just collateral damage.
David J.
