From: | Jim Mercer <jim(at)reptiles(dot)org> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: template1, can there be a template2/3/4? |
Date: | 2001-06-04 16:45:47 |
Message-ID: | 20010604124547.Y9538@reptiles.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Mon, Jun 04, 2001 at 12:29:08PM -0400, Tom Lane wrote:
> > i imagine it would be architectually difficult to have seperate user/group
> > tables per database.
>
> Codewise it would be trivial --- remove 'em from the list of shared
> relations. From the point of view of backwards compatibility, however,
> that's not likely to happen.
>
> If you want to restrict users to connect only to their own database,
> the 'sameuser' option in pg_hba.conf might be helpful.
my goal is a bit bigger than that.
at some point in the past, i posted a tweak that allowed one to have a
database authenticated similar to that of /bin/login.
ie. the client passes username/plain-text password, and that is authenticated
against crypto-gunge in the pg_shadow table.
(currently the authentication schemes seem to insist on storing plain-text
passwords in pg_shadow, which i just can't stomach).
(that tweak BTW was done in a completely reverse-compatability way)
with this tweak in place, i can then do PHP scripts which allow the webserver
to store the username/plain-textpass in session variables, and use them with
each call to the pgsql API.
this allows me to use the system catalogs for allowing/denying access to the
tables, without having to fake up some table with SELECT priv for user
"nobody" (or whatever the webserver is running as).
further to this, if i can have seperate pg_user/pg_shadow per database, then
i can have wholly seperate userbases for each database, rather than trying
to manage all my users in a single table.
--
[ Jim Mercer jim(at)reptiles(dot)org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]
From | Date | Subject | |
---|---|---|---|
Next Message | Jim Mercer | 2001-06-04 16:51:54 | Re: template1, can there be a template2/3/4? |
Previous Message | Lamar Owen | 2001-06-04 16:45:24 | Re: 7.1.2 packaging |