On Wed, 31 Jul 2002, Lamar Owen wrote:
> On Tuesday 30 July 2002 11:51 pm, Tom Lane wrote:
> > Lamar Owen <lamar.owen@wgcr.org> writes:
> > >> CREATE DATABASE foo WITH LOCATION = 'BAR'
> > > And requires you to be a database superuser anyway.
>
> > CREATE DATABASE does not require superuser privs, only createdb
> > which is not usually considered particular dangerous.
>
> Pardon my misspeak, as there are those two components to the privs. My error.
> Typically normal users aren't given create database privileges -- at
> least on my systems.
>
> ...But I'm not convinced that the security angle is a
> valid reason. The consistency reason is enough alone to warrant it
> being that way.
We've already had three incorrect security analysis of this in the
space of a couple of hours, from people are reasonably familiar
with postgres and (presumably) use it all the time, and you think
this is not a security problem?!
Anyway, I'll shut up now.
cjs
--
Curt Sampson <cjs@cynic.net> +81 90 7737 2974 http://www.netbsd.org Don't you know, in this new Dark Age, we're
alllight. --XTC
