On Wed, 31 Jul 2002, Lamar Owen wrote: > On Tuesday 30 July 2002 11:51 pm, Tom Lane wrote: > > Lamar Owen <[EMAIL PROTECTED]> writes: > > >> CREATE DATABASE foo WITH LOCATION = 'BAR' > > > And requires you to be a database superuser anyway. > > > CREATE DATABASE does not require superuser privs, only createdb > > which is not usually considered particular dangerous. > > Pardon my misspeak, as there are those two components to the privs. My error. > Typically normal users aren't given create database privileges -- at > least on my systems. > > ...But I'm not convinced that the security angle is a > valid reason. The consistency reason is enough alone to warrant it > being that way.
We've already had three incorrect security analysis of this in the space of a couple of hours, from people are reasonably familiar with postgres and (presumably) use it all the time, and you think this is not a security problem?! Anyway, I'll shut up now. cjs -- Curt Sampson <[EMAIL PROTECTED]> +81 90 7737 2974 http://www.netbsd.org Don't you know, in this new Dark Age, we're all light. --XTC ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html
