On 12/23/10 2:21 PM, Tom Lane wrote: > Josh Berkus <j...@agliodbs.com> writes: >> If we still make it possible for "postgres" to replicate, then we don't >> add any complexity to the simplest setup. > > Well, that's one laudable goal here, but "secure by default" is another > one that ought to be taken into consideration.
I don't see how *not* granting the superuser replication permissions makes things more secure. The superuser can grant replication permissions to itself, so why is suspending them by default beneficial? I'm not following your logic here. -- -- Josh Berkus PostgreSQL Experts Inc. http://www.pgexperts.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers