| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allowing usernames in pg_hba.conf |
| Date: | 2002-03-12 03:56:20 |
| Message-ID: | Pine.LNX.4.30.0203112250280.690-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Dominic J. Eidson writes:
> I'd started a long-ish post about how pgsql should have a proper
> permission model for user-to-database access - when someone pointed me to
> the following url, which I'd like to bring to everybody's attention:
>
> http://candle.pha.pa.us/cgi-bin/pgtodo?privileges
>
> Is this something PeterE's still looking at doing for 7.(I guess 3, now?)
I guess the implementation ideas have changes a little, but the code has
been generalized enough so that you can add privileges on almost anything.
Function and language privleges are available in the 7.3 branch. Those
are the ones most people wanted.
I guess you could add privileges to databases, too. But I'm wary about
keeping the connection permissions in the database because you can easily
lock yourself out that way. However, there are plenty of other ways you
can lock yourself out and in most cases you can start a standalone backend
to fix the situation. So may that would be a possibility.
--
Peter Eisentraut peter_e(at)gmx(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-03-12 04:42:28 | Re: Domain Support -- another round |
| Previous Message | Alex Lau | 2002-03-12 03:40:33 | Get Object? |