But is it possible? For a demo account it can be handy. Because visitors, can change the vistor account, so the next visitor can't login. And the owner of the demo can't recover the password. The problem for me is that I only have 2 database users. So i can't afford is to lose one. Tjibbe > To: t(dot)b(dot)rijpma(at)student(dot)tudelft(dot)nl> CC: pgsql-novice(at)postgresql(dot)org> Subject: Re: [NOVICE] REVOKE on ALTER USER, DROP USER > Date: Sun, 8 Jul 2007 12:22:58 -0400> From: tgl(at)sss(dot)pgh(dot)pa(dot)us> > Tjibbe <tjibbe(at)hotmail(dot)com> writes:> > Hello, Is het possible tot REVOKE the ALTER USER command? In such a way tha=> > t users cannot change their password and username? And also cannot delete t=> > hemeself with DROP USER?> > Ordinary users (those without superuser or createrole privilege) can't> do any of that except change their own password ... and I don't see a> particularly good argument for preventing them from doing that.> > > Now I solve the problem in PHP, to filter de SQL query string behore sendin=> > g to postgresql as follows:> > If you're allowing untrusted sources to provide chunks of SQL to be> executed directly, you've got problems far worse than this one.> > regards, tom lane> > ---------------------------(end of broadcast)---------------------------> TIP 4: Have you searched our list archives?> > http://archives.postgresql.org
Jouw nieuws: wereldnieuws! Beleef 't op MSN.nl
Zoek met Live Search en ervaar het verschil. Test het NU, klik hier!
pgsql-novice by date
|Next:||From: Frank Bax||Date: 2007-07-08 19:45:52|
|Subject: Re: distinct doesn't work|
|Previous:||From: Tom Lane||Date: 2007-07-08 16:22:58|
|Subject: Re: REVOKE on ALTER USER, DROP USER |