| From: | Jan Wieck <JanWieck(at)Yahoo(dot)com> |
|---|---|
| To: | "Trewern, Ben" <Ben(dot)Trewern(at)mowlem(dot)com> |
| Cc: | adeon <adeon(at)tlen(dot)pl>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: How to deny user changing his own password? |
| Date: | 2003-05-29 16:44:38 |
| Message-ID: | 3ED638F6.5060301@Yahoo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Trewern, Ben wrote:
> Now I think about this it would be useful: I have an Access database
> which connects to postgres and the password is saved in the access
> frontend. If someone (not sure how!) runs ALTER USER ..... WITH
> PASSWORD '....'; via the frontend they could disrupt the connection to
> the postgres backend. I'm sure a similar situation could happen with
> PHP or similar as you often don't use the postgres security features to
> secure your application.
This is the second worst possible reason I can imagine for a feature
like this. Passwords coded into the frontend ... gosh!
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Network Administrator | 2003-05-29 17:03:39 | Re: Blocking access to the database?? |
| Previous Message | Trewern, Ben | 2003-05-29 16:36:04 | Re: How to deny user changing his own password? |