I have been looking at PostgreSQL.  

Having gotten used to Oracle 8.1 Postgres seems a bit puny.  However, it is 
clearly a compentent little ORDBMS with an unbeatable Initial Cost of 
Ownership.

Unfortunately, all the documentation seems to indicate that security is weak 
to the point of non-existance.  To secure a Pgsql database secure the *NIX 
box where it lives and let no one but the Sys Admin, DBA, very trusted 
developers (and trusted code) have user accounts on the database.  Everyone 
else connects through a trusted application or not at all.

Most important, I can't find anyway to keep a normal user from creating 
tables, indexes or other objects.  Furthermore, it looks like a user defaults 
to access to objects.  Just as bad, Postgres has no extensions to SQL-92/99 
security so GRANT/REVOKE must be done object by object.

I write this in the hope that I am thoroughly mistaken and some kind citizen 
will correct my errors.