| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
| Cc: | Andrew Sullivan <andrew(at)libertyrms(dot)info>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Password sub-process ... |
| Date: | 2002-07-30 15:23:15 |
| Message-ID: | 3D46AF63.1030502@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Marc G. Fournier wrote:
> I think that is the problem with everyone's "thinking" ... they are only
> dealing with 'small servers', where it only has a couple of databases ...
> I'm currently running a server with >100 domains on it, each one with *at
> least* one database ... each one of those domains, in reality, *could*
> have a user 'bruce' ...
>
> note that I run virtual machines ... so each one fo those 'domains' has
> their own password files, so I can't say to 'client A' that 'client B'
> already has user 'bruce', so you can't use it, even though its unique to
> your system ...
>
> And, I don't want to run 100 pgsql instances on the server, since either
> I'd have to have one helluva lot of RAM dedicated to PgSQL, or have little
> tiny shared memory segments available to each ...
>
> actually, let's add onto that ... let's say every one of those 100 pgsql
> databases is accessed by PHPPgAdmin, through the web ... so, with a
> 'common password' amongst all the various 'bruce's, I could, in theory, go
> to any other domain's PHPPgAdmin, login and see their databases (major
> security problem) ... the way it was before, I could setup a password file
> that contained a different password for each of those domains, so that
> bruce on domain 1 couldn't access domain 2's databases ... or vice versa
> ...
>
> I've CC'd this back into the list, mainly because I think others might be
> 'thinking within the box' on this :(
How hard would it be to do something like this:
1. Add a column called usedatid to pg_shadow. This would contain an
array of database oids to which a user is bound. Use the value 0 to mean
"all databases".
2. Remove unique index on usename (we always know which database a user
is logging in to, don't we?). Change unique index on usesysid to be over
both usesysid and usedatid.
3. Add sufficient grammer to support specifying a specific database when
creating a user. Default to all databases for BC. Add ability to bind to
additional databases in ALTER USER.
Just trying to think outside the box ;-)
Joe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Neil Conway | 2002-07-30 15:23:17 | Re: Password sub-process ... |
| Previous Message | Thomas Lockhart | 2002-07-30 15:19:29 | Re: Password sub-process ... |