| From: | Hubert depesz Lubaczewski <depesz(at)depesz(dot)pl> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: dropping user doesn't erase his rights. |
| Date: | 2003-01-09 16:40:30 |
| Message-ID: | 20030109164030.GA1199@depesz.pl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Thu, Jan 09, 2003 at 11:21:56AM -0500, Tom Lane wrote:
> Difficult to do, when those privileges might be recorded in databases
> you're not even connected to at the time of the drop.
I belive it would be pretty difficult, but leaving it "just like that"
creates ssecurity breach (imagine someone droping user, beliving that
everytinh is o.k.), than someone else creates different user but with
keeping unused sysid (this might be the case with system users and
keeping system user-id with database user-id the same) - which happens
to be "not unused". i'm not sure if i'm clear about it.
depesz
--
hubert depesz lubaczewski http://www.depesz.pl/
> wynajmę mieszkanie - 60 metrów, 3 pokoje, piastów - od lutego (po <
-=> remoncie) interesuje cię - napisz: depesz(at)depesz(dot)pl <=-
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-01-09 21:44:33 | Re: Libpq is not a shared library on Mac OS X |
| Previous Message | Tom Lane | 2003-01-09 16:21:56 | Re: dropping user doesn't erase his rights. |