| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Sean Chittenden <sean(at)chittenden(dot)org> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Per database users/admins, handy for database virtual hosting... |
| Date: | 2004-03-26 03:54:39 |
| Message-ID: | 18521.1080273279@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Sean Chittenden <sean(at)chittenden(dot)org> writes:
>> Come to think of it, the same risk of conflict applies for user
>> *names*, and we can't easily make an end-run around that.
> That's why I used UNION ALL in my example. Reserved usernames that are
> in the cluster should be just as valid as usernames that are in the
> local database table.
I don't follow. You can't think that allowing the same name to appear
globally and locally is a good idea. If I say "GRANT TO foo", who am
I granting privileges to? And I don't want to say that there is no
difference because they are the same user. That will open up some nasty
security holes, eg, being able to pretend that you are the global
postgres superuser if you can set the password for a local user by the
same name.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | mike g | 2004-03-26 04:20:15 | Returning number of rows - Copy In function |
| Previous Message | Sean Chittenden | 2004-03-26 03:39:11 | Re: Per database users/admins, handy for database virtual hosting... |