Josh Berkus <j...@agliodbs.com> writes: > On 12/23/10 2:21 PM, Tom Lane wrote: >> Well, that's one laudable goal here, but "secure by default" is another >> one that ought to be taken into consideration.
> I don't see how *not* granting the superuser replication permissions > makes things more secure. The superuser can grant replication > permissions to itself, so why is suspending them by default beneficial? > I'm not following your logic here. Well, the reverse of that is just as true: if we ship it without replication permissions on the postgres user, people can change that if they'd rather not create a separate role for replication. But I think we should encourage people to NOT do it that way. Setting it up that way by default hardly encourages use of a more secure arrangement. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers