| From: | Curt Sampson <cjs(at)cynic(dot)net> |
|---|---|
| To: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Sullivan <andrew(at)libertyrms(dot)info>, Thomas Lockhart <lockhart(at)fourpalms(dot)org>, PostgreSQL Hackers List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: WAL file location |
| Date: | 2002-07-31 04:42:25 |
| Message-ID: | Pine.NEB.4.44.0207311340580.493-100000@angelic.cynic.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 31 Jul 2002, Lamar Owen wrote:
> On Tuesday 30 July 2002 11:51 pm, Tom Lane wrote:
> > Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> > >> CREATE DATABASE foo WITH LOCATION = 'BAR'
> > > And requires you to be a database superuser anyway.
>
> > CREATE DATABASE does not require superuser privs, only createdb
> > which is not usually considered particular dangerous.
>
> Pardon my misspeak, as there are those two components to the privs. My error.
> Typically normal users aren't given create database privileges -- at
> least on my systems.
>
> ...But I'm not convinced that the security angle is a
> valid reason. The consistency reason is enough alone to warrant it
> being that way.
We've already had three incorrect security analysis of this in the
space of a couple of hours, from people are reasonably familiar
with postgres and (presumably) use it all the time, and you think
this is not a security problem?!
Anyway, I'll shut up now.
cjs
--
Curt Sampson <cjs(at)cynic(dot)net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yuva Chandolu | 2002-07-31 04:46:57 | Re: Outer join differences |
| Previous Message | Curt Sampson | 2002-07-31 04:40:21 | Re: Rules and Views |