On Wed, Oct 13, 2010 at 11:45 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > "Kevin Grittner" <kevin.gritt...@wicourts.gov> writes: >> I had the pleasure of hearing Admiral Grace Hopper[1] speak at an >> ACM luncheon once. When she discussed security, she asserted that >> there was no such thing as security which could not be breached. >> The goal of security efforts should not be to make it perfect, >> because you can't; any time you convince yourself you have that you >> are simply fooling yourself and missing the vulnerabilities. In her >> view the goal was to make the costs of breaching security higher to >> the perpetrator than the benefits. Each obstacle in their way helps >> tip the scales in your favor. > > That's all true, but you have to consider how much the obstacle actually > gets in their way versus how painful it is on your end to create and > maintain the obstacle. I don't think this proposed patch measures up > very well on either end of that tradeoff.
I think it would behoove us to try to separate concerns about this particular patch from concerns about the viability of the whole approach. Whether or not it's useful to do X is a different question than whether it can be done with few enough lines of code and/or whether this patch actually does it well. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
