| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [PATCHES] Users/Groups -> Roles |
| Date: | 2005-06-28 20:01:42 |
| Message-ID: | 20050628200142.GA13790@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
On Tue, Jun 28, 2005 at 14:52:07 -0500,
Bruno Wolff III <bruno(at)wolff(dot)to> wrote:
> On Tue, Jun 28, 2005 at 14:45:06 -0400,
> Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> >
> > If you are the owner of the object to be changed (following the normal
> > owner checking rules) AND would still be considered the owner of the
> > object *after* the change, then you can change the ownership.
>
> That still isn't a good idea, because the new owner may not have had
> access to create the object you just gave to them. Or you may not have
> had access to drop the object you just gave away. That is going to
> be a security hole.
Thinking about it some more, drops wouldn't be an issue since the owner
can always drop objects.
Creating objects in particular schemas or databases is not something that
all roles may be able to do.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2005-06-28 20:05:16 | Re: [PATCHES] Users/Groups -> Roles |
| Previous Message | Nick Johnson | 2005-06-28 19:55:23 | Re: ENUM like data type |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2005-06-28 20:05:16 | Re: [PATCHES] Users/Groups -> Roles |
| Previous Message | Bruno Wolff III | 2005-06-28 19:52:07 | Re: [PATCHES] Users/Groups -> Roles |