| From: | Gevik Babakhani <pgdev(at)xs4all(dot)nl> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | alvherre(at)commandprompt(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: TODO item pg_hba.conf |
| Date: | 2006-04-20 18:52:20 |
| Message-ID: | 1145559140.23834.11.camel@voyager.truesoftware.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 2006-04-20 at 14:14 -0400, Tom Lane wrote:
> "Gevik Babakhani" <pgdev(at)xs4all(dot)nl> writes:
> > Would it be correct to state that: only the authentication
> > is checked (username and password) when connecting to the
> > server and not the any kind of privilege to access a database.
>
> Well, that would be the typical usage, ie, people relying on CONNECT
> privilege probably wouldn't put any database-specific conditions into
> pg_hba.conf. But we'd not take out any functionality that's there now.
>
Of course.
> I'm not sure if you realize it, but this should be an extremely small
> patch. In particular, if you think you need to change the parser then
> you are already off on the wrong track. The parser doesn't know
> anything about specific privilege types (as of 8.1 anyway). It'd be
> worth your while to study how the existing privileges on databases
> are handled, eg, exactly what places know about the TEMP privilege.
To study the existing privileges is the first thing on my list. Because
I am new to this, it is sometimes difficult to know what is already
there, and what is possible or not. Your advice in GOLD. Thank you :)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2006-04-20 19:05:49 | Re: TODO item pg_hba.conf |
| Previous Message | Jim C. Nasby | 2006-04-20 18:51:00 | Re: Unresolved Win32 bug reports |