From: | Richard Huxton <dev(at)archonet(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Sean Chittenden <sean(at)chittenden(dot)org> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Per database users/admins, handy for database virtual hosting... |
Date: | 2004-03-26 18:31:35 |
Message-ID: | 200403261831.35393.dev@archonet.com |
Lists: | pgsql-hackers |

On Friday 26 March 2004 15:09, Tom Lane wrote:
> Sean Chittenden <sean(at)chittenden(dot)org> writes:
> >
> > Agreed, but if a cluster is using LOCAL USERs, I doubt highly that
> > CLUSTER/GLOBAL users would be in use much beyond super users. -sc
>
> Exactly my point. I think that it might be possible for a
> locally-privileged DBA to give himself superuser privileges by skating
> on this confusion between who is whom. Once he creates a local user
> with the same name as the global superuser, the door is open to problems
> --- not only possible bugs in our own code, but plain old human error on
> the part of the real superuser.

Maybe it's me being slow, but are we not being over-complicated here? What's
wrong with saying "database D1 looks up users in local table, D2 in the
global table". If you are connected to D1, then no-one can see the global
userlist.

The global user "richard" cannot log into D1, and the local user "richard" can
log only into D1.

> In short, I say it's a bad idea with no redeeming social value. I can't
> see any positive use-case for having local usernames that conflict with
> global ones.

In a shared-hosting situation, I can see "local super-users" both wanting to
create users called (e.g.) "plone".

--
Richard Huxton
Archonet Ltd