On 12/23/10 2:21 PM, Tom Lane wrote:
> Josh Berkus <[email protected]> writes:
>> If we still make it possible for "postgres" to replicate, then we don't
>> add any complexity to the simplest setup.
>
> Well, that's one laudable goal here, but "secure by default" is another
> one that ought to be taken into consideration.
I don't see how *not* granting the superuser replication permissions
makes things more secure. The superuser can grant replication
permissions to itself, so why is suspending them by default beneficial?
I'm not following your logic here.
--
-- Josh Berkus
PostgreSQL Experts Inc.
http://www.pgexperts.com
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
