On Wed, Oct 13, 2010 at 11:45 AM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> "Kevin Grittner" <kevin.gritt...@wicourts.gov> writes:
>> I had the pleasure of hearing Admiral Grace Hopper[1] speak at an
>> ACM luncheon once.  When she discussed security, she asserted that
>> there was no such thing as security which could not be breached.
>> The goal of security efforts should not be to make it perfect,
>> because you can't; any time you convince yourself you have that you
>> are simply fooling yourself and missing the vulnerabilities.  In her
>> view the goal was to make the costs of breaching security higher to
>> the perpetrator than the benefits.  Each obstacle in their way helps
>> tip the scales in your favor.
>
> That's all true, but you have to consider how much the obstacle actually
> gets in their way versus how painful it is on your end to create and
> maintain the obstacle.  I don't think this proposed patch measures up
> very well on either end of that tradeoff.

I think it would behoove us to try to separate concerns about this
particular patch from concerns about the viability of the whole
approach.  Whether or not it's useful to do X is a different question
than whether it can be done with few enough lines of code and/or
whether this patch actually does it well.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
