Re: dropping user doesn't erase his rights.

From: Hubert depesz Lubaczewski <depesz(at)depesz(dot)pl>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: dropping user doesn't erase his rights.
Date: 2003-01-09 16:40:30
Message-ID: 20030109164030.GA1199@depesz.pl
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

On Thu, Jan 09, 2003 at 11:21:56AM -0500, Tom Lane wrote:
> Difficult to do, when those privileges might be recorded in databases
> you're not even connected to at the time of the drop.

I belive it would be pretty difficult, but leaving it "just like that"
creates ssecurity breach (imagine someone droping user, beliving that
everytinh is o.k.), than someone else creates different user but with
keeping unused sysid (this might be the case with system users and
keeping system user-id with database user-id the same) - which happens
to be "not unused". i'm not sure if i'm clear about it.

depesz

--
hubert depesz lubaczewski http://www.depesz.pl/
> wynajmę mieszkanie - 60 metrów, 3 pokoje, piastów - od lutego (po <
-=> remoncie) interesuje cię - napisz: depesz(at)depesz(dot)pl <=-

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2003-01-09 21:44:33 Re: Libpq is not a shared library on Mac OS X
Previous Message Tom Lane 2003-01-09 16:21:56 Re: dropping user doesn't erase his rights.