Re: Password sub-process ...

From: Joe Conway <mail(at)joeconway(dot)com>
To: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>
Cc: Andrew Sullivan <andrew(at)libertyrms(dot)info>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Password sub-process ...
Date: 2002-07-30 15:23:15
Message-ID: 3D46AF63.1030502@joeconway.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Marc G. Fournier wrote:
> I think that is the problem with everyone's "thinking" ... they are only
> dealing with 'small servers', where it only has a couple of databases ...
> I'm currently running a server with >100 domains on it, each one with *at
> least* one database ... each one of those domains, in reality, *could*
> have a user 'bruce' ...
>
> note that I run virtual machines ... so each one fo those 'domains' has
> their own password files, so I can't say to 'client A' that 'client B'
> already has user 'bruce', so you can't use it, even though its unique to
> your system ...
>
> And, I don't want to run 100 pgsql instances on the server, since either
> I'd have to have one helluva lot of RAM dedicated to PgSQL, or have little
> tiny shared memory segments available to each ...
>
> actually, let's add onto that ... let's say every one of those 100 pgsql
> databases is accessed by PHPPgAdmin, through the web ... so, with a
> 'common password' amongst all the various 'bruce's, I could, in theory, go
> to any other domain's PHPPgAdmin, login and see their databases (major
> security problem) ... the way it was before, I could setup a password file
> that contained a different password for each of those domains, so that
> bruce on domain 1 couldn't access domain 2's databases ... or vice versa
> ...
>
> I've CC'd this back into the list, mainly because I think others might be
> 'thinking within the box' on this :(

How hard would it be to do something like this:

1. Add a column called usedatid to pg_shadow. This would contain an
array of database oids to which a user is bound. Use the value 0 to mean
"all databases".

2. Remove unique index on usename (we always know which database a user
is logging in to, don't we?). Change unique index on usesysid to be over
both usesysid and usedatid.

3. Add sufficient grammer to support specifying a specific database when
creating a user. Default to all databases for BC. Add ability to bind to
additional databases in ALTER USER.

Just trying to think outside the box ;-)

Joe

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Neil Conway 2002-07-30 15:23:17 Re: Password sub-process ...
Previous Message Thomas Lockhart 2002-07-30 15:19:29 Re: Password sub-process ...