Re: pg_user

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To:
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: pg_user
Date: 2003-10-30 21:30:46
Message-ID: 3FA18306.70403@dunslane.net
Lists: pgsql-hackers

RFC 1925 (see http://www.faqs.org/rfcs/rfc1925.html) states:

"With sufficient thrust, pigs fly just fine. However, this is not 
necessarily a good idea. It is hard to be sure where they are going to 
land, and it could be dangerous sitting under them as they fly overhead."

You can call it security if you like, but I call it trying to make a pig 
fly.

If you don't want your users to know about each other then put them on 
different clusters. Or if they need access to the same data then mediate 
access via a middle layer at the server end instead of allowing direct 
access to the database(s) - three layer models are very common for this 
and other reasons.

cheers

andrew


ivan wrote:

>you can also patch your kernel, and when you write cat /etc/passwd the system
>gives you only your line, without any other users, so exactly what you
>need.
>in pgsql i think that users don't need to know about others, and also
>their databases. i call it security :)
>
>On Mon, 27 Oct 2003, Jan Wieck wrote:
>
>>ivan wrote:
>>
>>>hi
>>>
>>>can we change initdb, when view pg_user is being created, to:
>>>
>>>CREATE VIEW pg_user AS \
>>>    SELECT \
>>>        usename, \
>>>        usesysid, \
>>>        usecreatedb, \
>>>        usesuper, \
>>>        usecatupd, \
>>>        '********'::text as passwd, \
>>>        valuntil, \
>>>        useconfig \
>>>    FROM pg_shadow WHERE usename = SESSION_USER;
>>>
>>No, at least not without a complete proposal how to retain the current
>>behaviour of pg_tables, pg_views, psql's \d and other places that rely
>>on pg_user being able to display all users.
>>
>>It's the same thing with your /etc/passwd. chmod o-rwx /etc/passwd will
>>hide the usernames but break many utilities. If you don't want someone
>>to know all the logins, don't give him one.
>>
>>
>>Jan
>>
>>--
>>#======================================================================#
>># It's easier to get forgiveness for being wrong than for being right. #
>># Let's break this rule - forgive me.                                  #
>>#================================================== JanWieck(at)Yahoo(dot)com #