From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | brandys(at)eng3(dot)hep(dot)uiuc(dot)edu (todd brandys) |
Cc: | hackers(at)postgreSQL(dot)org (PostgreSQL-development) |
Subject: | Re: New pg_pwd patch and stuff |
Date: | 1998-02-13 20:11:01 |
Message-ID: | 199802132012.PAA19697@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Are you working on an initdb option for passwords, so we don't have
pg_user world-unreadable by default?
>
> > What, pg_user is not readable by world anymore? This could be a problem.
>
> It has to be this way, otherwise it would be possible for user to see other
> users' passwords in pg_user. I spoke to you all about this when I first started.
> I was going to make a separate relation (pg_password), but I was convinced not
> to since there is a one to one correlation between users and passwords. At this
> point I sent email to the effect that pg_user could no longer be readable by
> the group 'public'. If it was readable by public, then the passwords would have
> to be encrypted in pg_user. If this is the case, then the frontends will have
> to pass an unencrypted password over the network. Again this degrades the
> security of PostgreSQL.
>
> The real solution to this problem would be to create a pg_privileges relation,
> overhauling the privileges system entirely. Then we could just restrict access
> to the password column of pg_user. However, I would suggest that the entire
> pg_privileges table be cached in shared memory to speed things up. I am unsure
> if the catalog table are cached in shared memory or not (They really should be,
> but then this would probably require some logging to files in case of system
> crash).
>
> In the meantime, there should really be nothing that the average user will need
> from pg_user. The '\d' is the only problem I have encountered thus far, and I
> hope to solve that problem soon. Therefore, if you really, really need something
> from pg_user, then you need to have select privileges given to you explicitly,
> or you could explicitly give them to public. This would, however, give public
> the ability to see user passwords (If you are using, HBA only, then just give
> public the select over pg_user).
>
> Todd A. Brandys
> brandys(at)eng3(dot)hep(dot)uiuc(dot)edu
>
>
--
Bruce Momjian
maillist(at)candle(dot)pha(dot)pa(dot)us
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 1998-02-13 20:12:22 | Re: [HACKERS] Re: [QUESTIONS] trouble grouping rows |
Previous Message | Bruce Momjian | 1998-02-13 20:09:42 | Re: [HACKERS] Re: [PORTS] v6.3 release ToDo list and supported ports |