| From: | Rod Taylor <rbt(at)zort(dot)ca> |
|---|---|
| To: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruno Wolff III <bruno(at)wolff(dot)to>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Password sub-process ... |
| Date: | 2002-07-26 17:49:30 |
| Message-ID: | 1027705772.307.28.camel@jester |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 2002-07-26 at 12:55, Marc G. Fournier wrote:
> On Fri, 26 Jul 2002, Tom Lane wrote:
>
> > Rod Taylor <rbt(at)zort(dot)ca> writes:
> > > This still doesn't allow john on db1 to be a different user than john on
> > > db2. To accomplish that (easily) we still need to install different
> > > instances for each database.
> >
> > Some people think that cross-database user names are a feature, not
> > a bug. I cannot see any way to change that without creating huge
> > backward-compatibility headaches --- and it's not at all clear to
> > me that it's a step forward, anyway.
> >
> > I think that it might be worth adding a CONNECT privilege at the
> > database level; that together with Bruce's recent revisions to
> > pg_hba.conf ought to be a pretty good improvement.
> Also, I thnk I might have missed the point of the whole CONNECT privilege
> thing ... if I have two ppl named joe on the system, each with different
> passwords, how does the CONNECT know which one is the one that has access
> to that database?
Well.. right now we call one db1_joe and db2_joe. I meant adding the
ability to lock some users to specific DBs -- and only exist there.
Authentication would use destination DB as well as username.
Where DB is null, the user is a global user. Usernames would still be
unique per database.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yuva Chandolu | 2002-07-26 20:03:40 | regd count(count(*)) in group by |
| Previous Message | Rod Taylor | 2002-07-26 17:27:47 | Re: Password sub-process ... |