"Joe Conway" <[EMAIL PROTECTED]> writes:

> If there are no objections I'll commit this later today.

My objection is that I think we should still revoke access for non-superuser
by default. The patch makes granting execute reasonable for most users but
nonetheless it shouldn't be the default.

Being able to connect to a postgres server shouldn't mean being able to open
tcp connections *from* that server to arbitrary other host/ports. Consider for
example that it would allow a user to perform a port scan from inside your
network to see what internal services are running.

  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?


Reply via email to