Re: Heading to final release - Mailing list pgsql-hackers

From Rod Taylor
Subject Re: Heading to final release
Msg-id 1066135990.46588.85.camel@jester
In response to Re: Heading to final release  (Jan Wieck <JanWieck@Yahoo.com>)
Responses feature request
List pgsql-hackers
> >> Some dumb-user/fat-finger/ooops protection is surely welcome, but there
> >> is a limit. A system console has to be behind a locked door instead of
> >> the single-user boot being root-password protected. As soon as people
> >
> > Unfortunately, as more and more companies start to outsource their
> > server administration these are the people who will be interacting with
> > the database more in this role -- in fact, for most it is the only time
> > they'll ever be on the database box.

> You can build more secure systems as long as you want, evolution will
> develop the better idiot. As long as you create safer cars with more

Consider it like shipping. You can assume that UPS, FedEx or whoever
will be nice and gentle to the package marked 'Fragile' and has a 'This
Side Up' sticker OR you can double box it and use plenty of tightly
packed peanuts.

One of those 2 options is bound to have busted up contents by the time
it reaches the other side nearly every time -- but they could still run
a fork lift through the thing.


Yes, if you're going to drive the package to the destination yourself,
then all of the extra packaging would just get in the way -- but
shipping has been outsourced by your company to save funds. If the
product breaks when it gets to the client, it isn't going to be the
shipping company's fault.

It's the same reason PostgreSQL will not load when the blocksize has
changed and why RESTRICT / CASCADE options exist for inter-object
enforcement.


Anyway, add the option if you like BUT can we start protecting these
things with something more than superuser access? You require superuser
to do daily maintenance tasks with PostgreSQL but for the most part
these are exactly the wrong people to be making decisions about whether
it is safe to do action X or Y at the time.


Anyway, one of the local nuclear power plants has safety courses. At the
safest plant in Canada the operators have an accuracy rate of close to
99.9%. That is, they make the correct choice or complete the correct
action for 99.9% of the choices in their day. This means at that plant
there are 50 potentially fatal decisions made every month.

I simply want to remove the junior electrician's ability to pick the
wrong panel at the datacentre by ensuring someone else has given them
the key.

I want to remove my 'super users' ability to make a bad decision (even
though they're 99.9% accurate in their decision making) by granting or
revoking their ability to do so.
