Skip site navigation (1) Skip section navigation (2)

Re: WAL file location

From: Curt Sampson <cjs(at)cynic(dot)net>
To: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>,Andrew Sullivan <andrew(at)libertyrms(dot)info>,Thomas Lockhart <lockhart(at)fourpalms(dot)org>,PostgreSQL Hackers List <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: WAL file location
Date: 2002-07-31 04:42:25
Message-ID: Pine.NEB.4.44.0207311340580.493-100000@angelic.cynic.net (view raw or flat)
Thread:
Lists: pgsql-hackers
On Wed, 31 Jul 2002, Lamar Owen wrote:

> On Tuesday 30 July 2002 11:51 pm, Tom Lane wrote:
> > Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> > >> CREATE DATABASE foo WITH LOCATION = 'BAR'
> > > And requires you to be a database superuser anyway.
>
> > CREATE DATABASE does not require superuser privs, only createdb
> > which is not usually considered particular dangerous.
>
> Pardon my misspeak, as there are those two components to the privs.  My error.
> Typically normal users aren't given create database privileges -- at
> least on my systems.
>
> ...But I'm not convinced that the security angle is a
> valid reason. The consistency reason is enough alone to warrant it
> being that way.

We've already had three incorrect security analysis of this in the
space of a couple of hours, from people are reasonably familiar
with postgres and (presumably) use it all the time, and you think
this is not a security problem?!

Anyway, I'll shut up now.

cjs
-- 
Curt Sampson  <cjs(at)cynic(dot)net>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC


In response to

pgsql-hackers by date

Next:From: Yuva ChandoluDate: 2002-07-31 04:46:57
Subject: Re: Outer join differences
Previous:From: Curt SampsonDate: 2002-07-31 04:40:21
Subject: Re: Rules and Views

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group