Re: How to deny user changing his own password?

From: Network Administrator <netadmin(at)vcsn(dot)com>
To: nolan(at)celery(dot)tssi(dot)com
Cc: pgsql general list <pgsql-general(at)postgresql(dot)org>
Subject: Re: How to deny user changing his own password?
Date: 2003-05-29 19:54:15
Message-ID: 1054238055.3ed665674f8a5@webmail.vcsn.com
Lists: pgsql-general

I was actually thinking the same thing. Typically the use for a web user runs a
system user with minimalistic permissions; on the other hand, the **database**
user that any CGI scripts connect to the database as needs permissions to the
database resources: two entirely different things.

Unless you choose to have a different DB user for each application with a web
interface, you might be faced with a serious problem if the DB user's account
password gets changed, since that DB user's account is effectively used for
several applications.

Quoting nolan(at)celery(dot)tssi(dot)com:

> > This is the second worst possible reason I can imagine for a feature
> > like this. Passwords coded into the frontend ... gosh!
>
> Depending on the application, coding a password into the front end can
> be a necessary condition. Think of a PHP web page script that makes
> database calls. How are you going to prevent other unauthorized
> connections from that system? Passwords aren't a perfect security
> device, but they're generally better than no password.
>
> I could see some merit to a 'LOCK' option on the alter user command, so that
> the password can only be changed by a superuser.
> --
> Mike Nolan
>

--
Keith C. Perry
Director of Networks & Applications
VCSN, Inc.
http://vcsn.com

