| From: | Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at> |
|---|---|
| To: | "'Peter Eisentraut'" <peter_e(at)gmx(dot)net>, "Ross J(dot) Reedstrom" <reedstrm(at)rice(dot)edu> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | AW: "setuid" functions, a solution to the RI privilege problem |
| Date: | 2000-09-11 09:06:59 |
| Message-ID: | 11C1E6749A55D411A9670001FA68796336806E@sdexcsrv1.f000.d0188.sd.spardat.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> (With 7.2 I plan to get rid of pg_shadow.usesysid and
> identify users via
> pg_shadow.oid and the superuser oid will be hard-coded into
> include/catalog/pg_shadow.h, so at that point they will work.)
Imho it is fine to get rid of the usesysid in our internal authorization
system,
but we should not get rid of the only field that can tie a db user
to an os user. Imho we should not do a "by name" lookup
and eliminate the field. The extra field adds additional flexibility,
like using one os user for many db users, or using different names
for os users.
In the long run we will need a tie to os users for os level setuid user
functions.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hannu Krosing | 2000-09-11 09:54:47 | Re: [HACKERS] I'm unable to access CVS |
| Previous Message | Zeugswetter Andreas SB | 2000-09-11 08:52:05 | AW: man, I feel like a beginner ... |