Re: How to deny user changing his own password?

From: nolan(at)celery(dot)tssi(dot)com
To: pgsql-general(at)postgresql(dot)org (pgsql general list)
Subject: Re: How to deny user changing his own password?
Date: 2003-05-29 18:18:01
Message-ID: 20030529181801.3793.qmail@celery.tssi.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

> This is the second worst possible reason I can imagine for a feature
> like this. Passwords coded into the frontend ... gosh!

Depending on the application, coding a password into the front end can
be a necessary condition. Think of a PHP web page script that makes
database calls. How are you going to prevent other unauthorized
connections from that system? Passwords aren't a perfect security
device, but they're generally better than no password.

I could see some merit to a 'LOCK' option on the alter user command, so that
the password can only be changed by a superuser.
--
Mike Nolan

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Andrew Sullivan 2003-05-29 18:31:04 Re: Moving a table to a different schema
Previous Message Bruno Wolff III 2003-05-29 17:27:48 Re: Blocking access to the database??