On 7/15/09, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Alvaro Herrera <alvhe...@commandprompt.com> writes:
>
> > toruvinn wrote:
>  >> I was always wondering, though, why PostgreSQL uses this approach and not
>  >> its catalogs.
>
>  > It does use the catalog for most things.  The flatfile is used for the
>  > situations where the catalogs are not yet ready to be read.
>
>
> Now that we have SQL-level CONNECT privilege, I wonder just how much
>  functionality would be lost if we got rid of the flat files and told
>  people they had to use CONNECT to do any per-user or per-database
>  access control.
>
>  The main point I can see offhand is that password checking would have
>  to be done a lot later in the startup sequence, with correspondingly
>  more cycles wasted to reject bad passwords.

From a security standpoint, wasting more cycles on bad passwords is good,
as it decreases the rate at which brute-force password scanning can happen.

And I cannot imagine a scenario where performance on invalid logins
can be relevant.

-- 
marko
