On 2015-05-20 19:46:12 -0400, Stephen Frost wrote: > In other words, I agree with you that we can't simply get rid of 'trust' > without having another solution. I *do* believe that a real single-user > mode that is only available to the owner of the cluster would go a long > way towards this goal.
I think that's a restriction that doesn't make much sense. What if you want to dump the data as fast as possible to get things up in another machine/datacenter/whatever after a fault? Uh wait, parallel dump won't work with single user mode. This isn't strengthening security. This is making something far too complicated (pg_hba.conf) into something even more complicated, because suddenly even the most basic things only work in some environments. If you want to improve security significantly, make it easier to configure authentication/authorization. That's one of the hardest parts of postgres. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers