> passswords had to get in there at *some* point...they are there
> now, now we have to extend the security to the next level. Better to move
> forward 1 step at a time. If we remove the REVOKE altogether, the
> passwords are still there, but there is *0* security instead of 50%
> security...
If we remove the REVOKE, then people will not use passwords by mistake,
thinking they are secure. To use them, they have to issue a REVOKE, and
then they are secure.
What am I missing here?
>
> So, I think we should leave the REVOKE/GRANT in initdb, and work
> at having grant/revoke work on a view (such that a view overrides the
> revoke of all on pg_user) so that it is appliable *after* v6.3 is
> released, and available as (if possible) a patch for just after...
>
> We aren't hurting anything by leaving the REVOKE/GRANT in place,
> but I think we are if we remove it and just leave it wide open...
Again, am I missing something?
--
Bruce Momjian
maillist@candle.pha.pa.us
