| From: | Alvaro Herrera <alvherre(at)dcc(dot)uchile(dot)cl> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: ident authentication problem |
| Date: | 2004-04-22 16:16:22 |
| Message-ID: | 20040422161622.GB3292@dcc.uchile.cl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Apr 22, 2004 at 01:58:14PM +0200, Karsten Hilbert wrote:
> a) it seems SQL ledger wants to store data in PostgreSQL
> b) I assume it wants to store *financial* data
> c) local/all/trust means *all* *local* users are *trusted*, eg
> don't require any authentication, hence system account foo
> can access *all* databases (including the SQL-ledger one)
> even though foo does not have a corresponding DB account
>
> Assuming, that there aren't any schema level restrictions
> (GRANTs) set up which may or may not be the case. Forgot to
> mention that point earlier on.
If the data is protected by GRANT/REVOKE, a malicious (or curious) user
can work around them by connecting as the database superuser, so in
practice there's no protection at all.
--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"Acepta los honores y aplausos y perderás tu libertad"
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robin Munn | 2004-04-22 16:29:41 | Illegal characters in database names, table names, user names... |
| Previous Message | John Sidney-Woollett | 2004-04-22 16:10:45 | Re: Missing OID rant |