Re: Streaming replication as a separate permissions

On 12/23/10 2:21 PM, Tom Lane wrote:
> Josh Berkus <josh@agliodbs.com> writes:
>> If we still make it possible for "postgres" to replicate, then we don't
>> add any complexity to the simplest setup.
> 
> Well, that's one laudable goal here, but "secure by default" is another
> one that ought to be taken into consideration.

I don't see how *not* granting the superuser replication permissions
makes things more secure.  The superuser can grant replication
permissions to itself, so why is suspending them by default beneficial?I'm not following your logic here.

--                                  -- Josh Berkus                                    PostgreSQL Experts Inc.
                        http://www.pgexperts.com