On 7/15/09, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Alvaro Herrera <alvherre@commandprompt.com> writes:
>
> > toruvinn wrote:
> >> I was always wondering, though, why PostgreSQL uses this approach and not
> >> its catalogs.
>
> > It does use the catalog for most things. THe flatfile is used for the
> > situations where the catalogs are not yet ready to be read.
>
>
> Now that we have SQL-level CONNECT privilege, I wonder just how much
> functionality would be lost if we got rid of the flat files and told
> people they had to use CONNECT to do any per-user or per-database
> access control.
>
> The main point I can see offhand is that password checking would have
> to be done a lot later in the startup sequence, with correspondingly
> more cycles wasted to reject bad passwords.
From security standpoint, wasting more cycles on bad passwords is good,
as it decreases the rate bruteforce password scanning can happen.
And I cannot imagine a scenario where performance on invalid logins
can be relevant..
--
marko
