Bear Giles wrote:
> The really stupid question refers to some of the hardcoded fallback
> values in this code. The reason for having hardcoded values is to
> prevent "downgrade" attacks - you don't want to casually override the
> DBA, but you also don't want to make it easy for a knowledgeable
> attacker to fatally compromise the system in a way that your average
> DBA couldn't catch.
>
> But the problem is that knowledgeable security administrators can
> replace the common hardcoded values with their own. How do you allow
> this to be easily done?

Would GUC variables work? Put in sensible defaults and let the more
knowledgeable security admins override the defaults in postgresql.conf.

Joe