Re: Open 7.3 items

Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> So the former plain 'postgres' user could still be such to us, to client
> programs, etc, but the backend would assume that that meant
> postgres(at)template1 -- no namespace collision, and the special case is that
> anyone(at)template1 has the behavior the unadorned plain user now has.

The trouble with that scheme is that there is zero interoperability
between the plain-vanilla mode (postgres is postgres in pg_shadow) and
the @-mode (postgres is postgres(at)template1 in pg_shadow). Flip the
configuration switch, in either direction, and you can't log in anymore.
We'd almost have to make it a frozen-at-initdb setting so that initdb
would know which form to put into pg_shadow for the superuser, and so
that entry wouldn't break thereafter.

The reason I like the "lowen" vs "lowen(at)somedb" pattern is that
database-global users can log in the same way whether the feature is
turned on or not; this eliminates the getting-started problem, as well
as the likelihood of shooting yourself in the foot.

It is true that if you have a global user lowen you'd want to avoid
creating any local users lowen(at)somedb, and that the existing code
wouldn't be able to enforce that. We could possibly add a few lines
to CREATE USER to warn about this mistake. (It should be a warning not
an error, since if you have no intention of ever using the @-feature
then there's no reason to restrict your choice of usernames.)

regards, tom lane