From: | postgres(at)taifun(dot)interface-business(dot)de |
---|---|
To: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | pgsql-general <pgsql-general(at)postgreSQL(dot)org>, Carlos Vicente Altamirano <altacar(at)redes(dot)unam(dot)mx>, Charles Tassell <ctassell(at)isn(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net> |
Subject: | Re: [GENERAL] users in Postgresql |
Date: | 1999-11-04 08:09:29 |
Message-ID: | XFMail.991104090929.postgres@taifun.interface-business.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
>> The contents of the pg_shadow table are written through to a file on disk
>> called pg_pwd, so all the backends can easily access it. However, this
>> write through is not automatic. The create user and alter user commands
>> take care of that, but if you update pg_shadow directly, your changes will
>> not be seen by currently active backends.
>
> Your changes never get to the file, ever, not just current backends.
>
> CREATE USER sql command updates the file, but an UPDATE on pg_shadow
> does not.
IMHO, that's a bug:
It's not forbidden to update or insert into pg_shadow by rule, but if
I do that I will get inconsistent authentication data.
Why not revoke INSERT and UPDATE on pg_shadow?
Or better:
Why not use a trigger on pg_shadow, to handle pg_pwd correctly?
The trigger code is allways in "create/alter user" command handler.
The code should be as near as possible on data!
> We use a file because the postmaster does the password authentication,
> and we don't have any database connection the postmaster.
pg_shadow is a file too, but not in text format like pg_pwd.
Gerald.
From | Date | Subject | |
---|---|---|---|
Next Message | Holger Klawitter | 1999-11-04 09:10:43 | Indices (was Re: [GENERAL] query seems too slow) |
Previous Message | Roomi | 1999-11-04 06:41:53 | !!! Urgent: btree: lost page |
From | Date | Subject | |
---|---|---|---|
Next Message | Tatsuo Ishii | 1999-11-04 08:30:00 | Re: [HACKERS] sort on huge table |
Previous Message | Aaron J. Seigo | 1999-11-04 06:25:51 | Re: [HACKERS] getting new serial value of serial insert |