| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Gevik Babakhani <pgdev(at)xs4all(dot)nl> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Please advice TODO Item pg_hba.conf |
| Date: | 2006-04-23 22:28:21 |
| Message-ID: | 20060423222820.GG4775@surnet.cl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Gevik Babakhani wrote:
> > > Personally I think it would be better for the database owner not have
> > > the option to REVOKE himself from the CONNECTION privilege of his own
> > > database.
> >
> > Why? A table owner can revoke privileges from himself.
>
> Of course a TABLE owner can revoke privileges from himself. But why
> would a DATABASE owner want to lock himself out from CONNECTING to his
> database.
I don't know :-) If it doesn't make sense for somebody, then she won't
do it.
It's not like we are going out of our way to allow somebody to revoke
the privileges from oneself. We are just keeping the thing as simple as
possible. As I said, maybe a reasonable option would be to raise a
WARNING when somebody revoked the last CONNECT privilege. So you grant
the privilege to somebody else and the revoke yours.
> Perhaps there is a legitimate reason for this but it doesn't
> make sense. Right? I see it this way: Why should I lockout myself from
> my own house and throw the keys away. (I am a man of simple words and
> examples, I must apologize.)
Maybe you've given a copy of the keys to somebody else.
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gevik Babakhani | 2006-04-23 22:37:44 | Re: Please advice TODO Item pg_hba.conf |
| Previous Message | Jonah H. Harris | 2006-04-23 22:22:27 | Re: Google SoC--Idea Request |