| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | nolan(at)celery(dot)tssi(dot)com |
| Cc: | pgsql general list <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: How to deny user changing his own password? |
| Date: | 2003-05-29 19:07:40 |
| Message-ID: | 20030529190740.GB923@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, May 29, 2003 at 13:18:01 -0500,
nolan(at)celery(dot)tssi(dot)com wrote:
> > This is the second worst possible reason I can imagine for a feature
> > like this. Passwords coded into the frontend ... gosh!
>
> Depending on the application, coding a password into the front end can
> be a necessary condition. Think of a PHP web page script that makes
> database calls. How are you going to prevent other unauthorized
> connections from that system? Passwords aren't a perfect security
> device, but they're generally better than no password.
You can use ident authentication.
> I could see some merit to a 'LOCK' option on the alter user command, so that
> the password can only be changed by a superuser.
That would only be useful if the account was shared, which is normally a bad
idea.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Franco Bruno Borghesi | 2003-05-29 19:13:52 | postgresql 7.3.3 |
| Previous Message | Alam Surya | 2003-05-29 19:05:04 | Re: Triggers and Function's |