| From: | "Trewern, Ben" <Ben(dot)Trewern(at)mowlem(dot)com> |
|---|---|
| To: | 'Jan Wieck' <JanWieck(at)Yahoo(dot)com>, adeon <adeon(at)tlen(dot)pl> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: How to deny user changing his own password? |
| Date: | 2003-05-29 16:36:04 |
| Message-ID: | 996802F75C3CD411B424001083FA445B534DFA@CET_PONXX_FP001 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Now I think about this it would be useful: I have an Access database which
connects to postgres and the password is saved in the access frontend. If
someone (not sure how!) runs ALTER USER ..... WITH PASSWORD '....'; via the
frontend they could disrupt the connection to the postgres backend. I'm
sure a similar situation could happen with PHP or similar as you often don't
use the postgres security features to secure your application.
Regards,
Ben Trewern
-----Original Message-----
From: Jan Wieck [mailto:JanWieck(at)Yahoo(dot)com]
Sent: 29 May 2003 14:52
To: adeon
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] How to deny user changing his own password?
adeon wrote:
> Hi
>
> My question is in subject.
> How can I deny user changing his own password using
> ALTER USER user WITH PASSWORD 'password'; ?
AFAIK you can't, IMHO you shouldn't anyway and I would object against such
useless feature.
Jan
>
> Thanks
> adeon
>
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo(at)postgresql(dot)org so that your message
can get through to the mailing list cleanly
*****************************************************************************
This email and any attachments transmitted with it are confidential
and intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error please
notify the sender and do not store, copy or disclose the content
to any other person.
It is the responsibility of the recipient to ensure that opening this
message and/or any of its attachments will not adversely affect
its systems. No responsibility is accepted by the Company.
*****************************************************************************
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Wieck | 2003-05-29 16:44:38 | Re: How to deny user changing his own password? |
| Previous Message | Carlos | 2003-05-29 16:29:16 | Blocking access to the database?? |