| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | scrappy(at)hub(dot)org (The Hermit Hacker) |
| Cc: | Andreas(dot)Zeugswetter(at)telecom(dot)at, jwieck(at)debis(dot)com, pgsql-hackers(at)hub(dot)org |
| Subject: | Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
| Date: | 1998-02-19 20:13:12 |
| Message-ID: | 199802192013.PAA12377@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> passswords had to get in there at *some* point...they are there
> now, now we have to extend the security to the next level. Better to move
> forward 1 step at a time. If we remove the REVOKE altogether, the
> passwords are still there, but there is *0* security instead of 50%
> security...
If we remove the REVOKE, then people will not use passwords by mistake,
thinking they are secure. To use them, they have to issue a REVOKE, and
then they are secure.
What am I missing here?
>
> So, I think we should leave the REVOKE/GRANT in initdb, and work
> at having grant/revoke work on a view (such that a view overrides the
> revoke of all on pg_user) so that it is appliable *after* v6.3 is
> released, and available as (if possible) a patch for just after...
>
> We aren't hurting anything by leaving the REVOKE/GRANT in place,
> but I think we are if we remove it and just leave it wide open...
Again, am I missing something?
--
Bruce Momjian
maillist(at)candle(dot)pha(dot)pa(dot)us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom I Helbekkmo | 1998-02-19 20:29:50 | Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
| Previous Message | Brook Milligan | 1998-02-19 20:09:40 | Re: [HACKERS] Platform status |