| From: | Zeugswetter Andreas SARZ <Andreas(dot)Zeugswetter(at)telecom(dot)at> |
|---|---|
| To: | "'pgsql-hackers(at)hub(dot)org'" <pgsql-hackers(at)hub(dot)org> |
| Subject: | Solution to the pg_user passwd problem !?? (c) |
| Date: | 1998-02-19 13:59:48 |
| Message-ID: | 219F68D65015D011A8E000006F8590C6010A51E3@sdexcsrv1.sd.spardat.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi all,
What about:
grant select on pg_user to public;
create rule pg_user_hide_pw as on
select to pg_user.passwd
do instead select '********' as passwd;
Then if I do:
select * from pg_user;
usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd |valuntil
--------+--------+-----------+--------+--------+---------+--------+---------
-------------------
postgres| 6|t |t |t |t |********|Sat Jan
31 07:00:00 2037 NFT
zeus | 60|t |t |f |t |********|
(2 rows)
Also the \d works for all users !
Only "disadvantage" is that noone can read passwd without first dropping the
rule pg_user_hide_pw,
I consider this a feature though ;-)
Since the userauthentication bypasses the rewrite mechanism the logins,
alter user .. and others do work !
Can all of you try to crack this ?
(c) Andreas Zeugswetter
Copyright by Andreas Zeugswetter 1998 contributed to the postgresql project
;-)
Wow, I am actually proud of this (so far, and hope it holds what I think it
does)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | The Hermit Hacker | 1998-02-19 14:14:36 | Re: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
| Previous Message | Michael Meskes | 1998-02-19 13:13:06 | Re: pg_user permissions problem (Was: Re: [HACKERS] RE: New ecgp code problem.) |