Re: [BUGS] BUG #4919: CREATE USER command slows down system performance

On 7/15/09, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Alvaro Herrera <alvherre@commandprompt.com> writes:
>
> > toruvinn wrote:
>  >> I was always wondering, though, why PostgreSQL uses this approach and not
>  >> its catalogs.
>
>  > It does use the catalog for most things.  THe flatfile is used for the
>  > situations where the catalogs are not yet ready to be read.
>
>
> Now that we have SQL-level CONNECT privilege, I wonder just how much
>  functionality would be lost if we got rid of the flat files and told
>  people they had to use CONNECT to do any per-user or per-database
>  access control.
>
>  The main point I can see offhand is that password checking would have
>  to be done a lot later in the startup sequence, with correspondingly
>  more cycles wasted to reject bad passwords.

From security standpoint, wasting more cycles on bad passwords is good,
as it decreases the rate bruteforce password scanning can happen.

And I cannot imagine a scenario where performance on invalid logins
can be relevant..

--
marko