On Thu, Dec 23, 2010 at 16:57, Robert Haas <robertmh...@gmail.com> wrote: > On Thu, Dec 23, 2010 at 10:54 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: >> Robert Haas <robertmh...@gmail.com> writes: >>> I haven't looked at the patch yet, but I think we should continue to >>> allow superuser-ness to be *sufficient* for replication - i.e. >>> superusers will automatically have the replication privilege just as >>> they do any other - and merely allow this as an option for when you >>> want to avoid doing it that way. >> >> I don't particularly mind breaking that. If we leave it as-is, we'll >> be encouraging people to use superuser accounts for things that don't >> need that, which can't be good from a security standpoint. > > And if we break it, we'll be adding an additional, mandatory step to > make replication work that isn't required today. You might think > that's OK, but I think the majority opinion is that it's already > excessively complex.
Most of the people I run across in the real world are rather surprised how *easy* it is to set up, and not how complex. And tbh, the only complexity complaints I've heard there are about the requirement to start/backup/stop to get it up and running. I've always told everybody to create a separate account to do it, and not heard a single comment about that. That said, how about a compromise in that we add the replication flag by default to the initial superuser when it's created? That way, it's at least possible to remove it if you want to. Would that address your complexity concern? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers